can't remove rdsrv


  • This topic is locked
2 replies to this topic

#1 jane27

Posted 15 April 2015 - 07:38 AM

Hey there,

4 days ago my laptop got this virus, which redirects and injects ads on websites. It redirects to rdsrv and injects some videos on different websites, where they shouldn't be.

I ran through every scanner but nothing's helping. I flushed my DNS too, but nothing's helping. I have my scans here; please review these.
This is the FRST.txt scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015
Ran by **** (administrator) on SPARKLE on 15-04-2015 17:15:27
Running from C:\
Loaded Profiles: **** (Available profiles: ****)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\NST.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\NST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tonec Inc.) E:\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2990784 2012-08-10] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-10-29] (VMware, Inc.)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253960 2014-10-14] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Run: [uTorrent] => C:\Users\****\AppData\Roaming\uTorrent\uTorrent.exe [1443920 2015-04-09] (BitTorrent Inc.)
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Run: [IDMan] => E:\Internet Download Manager\IDMan.exe [3540416 2014-03-19] (Tonec Inc.)
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Run: [NokiaSuite.exe] => E:\Nokia\Nokia Suite\NokiaSuite.exe [1086376 2012-08-03] (Nokia)
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Run: [PC Suite Tray] => E:\Nokia\Nokia PC Suite 7\PCSuite.exe [1483264 2010-12-21] (Nokia)
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\MountPoints2: {7989b213-38fb-11e4-bf0d-d4fdbb3f1b5e} - "G:\Setup.exe" /Auto
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.6.3\coIEPlg.dll [2014-02-07] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\coIEPlg.dll [2014-02-07] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2015-04-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.6.3\coIEPlg.dll [2014-02-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\coIEPlg.dll [2014-02-07] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{1C0FF582-6702-49CE-8766-914F6B30DD1B}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{8B8D1B4A-5E2B-472E-9DC0-6714847732B1}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{F81E6CE6-A2D1-462C-B162-A6039EE235A5}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default
FF SelectedSearchEngine: Yahoo!
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> E:\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-342642988-3338087968-1028205921-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\searchplugins\enigma-group-search.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2014-09-22]
FF Extension: Advanced Cookie Manager - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\cookiemgr@jayapal.com [2014-12-18]
FF Extension: FoxyProxy Basic - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\foxyproxy@eric.h.jung [2015-04-11]
FF Extension: Просмотр HTTP заголовков - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-11-10]
FF Extension: Cookies Manager+ - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2014-10-22]
FF Extension: Acunetix Web Scanner - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\acunetixwebscanner@attila.gerendi.xpi [2014-09-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-05]
FF Extension: FirePHP - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2014-07-18]
FF Extension: Firefox Plug-n-Hack - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\jid1-CZ1BeoFM9Mmlzg@jetpack.xpi [2015-04-15]
FF Extension: Website Informer Addon - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\page-informer@web.informer.com.xpi [2014-06-08]
FF Extension: SQL Inject Me - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\sqlime@security.compass.xpi [2014-08-19]
FF Extension: switchproxytype - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\switchproxy@siju.mathew.xpi [2014-06-08]
FF Extension: XSS Me - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\xssme@security.compass.xpi [2014-08-19]
FF Extension: Netcraft Anti-Phishing Toolbar - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{0e10f3d7-07f6-4f12-97b9-9b27e07139a5}.xpi [2015-04-04]
FF Extension: Session Manager - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-10-26]
FF Extension: Leet Key - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2015-03-29]
FF Extension: Tamper Data - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-06-06]
FF Extension: Modify Headers - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-01-10]
FF Extension: Web Developer - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-12-27]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07]
FF Extension: Greasemonkey - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-09-10]
FF Extension: User Agent Switcher - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-08-18]
FF Extension: Edit Cookies - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2014-10-27]
FF Extension: HackBar - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ppico2do.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.6.3\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.6.3\coFFPlgn [2015-04-15]
FF HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\****\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\****\AppData\Roaming\IDM\idmmzcc5 [2015-04-15]
FF HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\****\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Live HTTP Headers) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2015-04-15]
CHR Extension: (Modify Headers for Google Chrome™) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\innpjfdalfhpcoinfnehdnbkglpmogdi [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (HTTP Headers) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhbpoeinkhpajikalhfpjjafpfgjnmgk [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Internet Download Manager\IDMGCExt.crx [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - E:\Internet Download Manager\IDMGCExt.crx [2015-03-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AIPS; E:\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-02-13] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S4 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-02-10] (Ellora Assets Corp.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-09-29] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\NST.exe [130104 2014-02-07] (Symantec Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-08-10] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-10-29] ()
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-12-02] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00D\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06060.003\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2014-10-14] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PORTMON; F:\SysinternalsSuite\PORTMSYS.SYS [28656 2015-04-14] (Systems Internals) [File not signed]
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-03-23] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-24] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-15] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 ztemtusbser; C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2012-04-05] (ZTEMT Incorporated)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U4 vsserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:15 - 2015-04-15 17:15 - 00030396 _____ () C:\FRST.txt
2015-04-15 17:13 - 2015-04-15 17:04 - 02097152 _____ (Farbar) C:\FRST64.exe
2015-04-15 17:08 - 2015-04-15 17:09 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-15 17:08 - 2015-04-15 17:08 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-15 17:04 - 2015-04-15 17:15 - 00000000 ____D () C:\FRST
2015-04-15 17:00 - 2015-04-15 17:02 - 00006903 _____ () C:\Users\****\x.log
2015-04-15 17:00 - 2015-04-15 17:00 - 00030601 _____ () C:\Users\****\x.exe
2015-04-15 16:02 - 2015-04-15 16:02 - 00042400 _____ () C:\Users\****\Desktop\scan
2015-04-15 13:16 - 2015-04-15 13:17 - 00000041 _____ () C:\Users\****\Desktop\ipadd.html
2015-04-15 12:52 - 2015-04-15 12:52 - 00000105 _____ () C:\Users\****\Desktop\ipadd.php
2015-04-15 10:19 - 2015-03-14 14:24 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 10:19 - 2015-03-14 07:26 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 10:19 - 2015-03-14 07:26 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 10:19 - 2015-03-14 07:21 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 10:19 - 2015-03-14 07:07 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 10:19 - 2015-03-14 06:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 10:19 - 2015-03-14 05:52 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 10:19 - 2015-03-14 05:42 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 10:19 - 2015-03-14 05:42 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 10:19 - 2015-03-14 05:39 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 10:19 - 2015-03-14 05:38 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 10:19 - 2015-03-14 05:38 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 10:19 - 2015-03-14 05:36 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 10:19 - 2015-03-14 05:36 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 10:19 - 2015-03-14 05:32 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 10:19 - 2015-03-14 05:32 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 10:19 - 2015-03-14 05:29 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 10:19 - 2015-03-14 05:29 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 10:10 - 2015-04-15 16:14 - 00000539 _____ () C:\WINDOWS\setupact.log
2015-04-15 10:10 - 2015-04-15 10:10 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-15 09:57 - 2015-03-24 03:29 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 09:57 - 2015-03-24 03:29 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 09:57 - 2015-03-24 03:29 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 09:57 - 2015-03-24 03:28 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 09:57 - 2015-03-24 03:15 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 09:57 - 2015-03-20 09:42 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 09:57 - 2015-03-20 09:40 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 09:57 - 2015-03-20 09:40 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 09:57 - 2015-03-20 08:47 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 09:57 - 2015-03-20 08:11 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 09:57 - 2015-03-20 08:10 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 09:57 - 2015-03-20 07:46 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 09:57 - 2015-03-13 08:28 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 09:57 - 2015-03-13 08:07 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 09:55 - 2015-03-13 10:02 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 09:55 - 2015-03-13 09:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 09:55 - 2015-03-13 09:37 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 09:55 - 2015-03-13 09:23 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 09:55 - 2015-03-13 09:20 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 09:55 - 2015-03-13 09:12 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 09:55 - 2015-03-13 08:58 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 09:55 - 2015-03-13 08:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 09:55 - 2015-03-13 08:52 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 09:55 - 2015-03-13 08:47 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 09:55 - 2015-03-13 08:46 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 09:55 - 2015-03-13 08:38 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 09:55 - 2015-03-13 08:37 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 09:55 - 2015-03-13 08:30 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 09:55 - 2015-03-13 08:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 09:55 - 2015-03-13 08:19 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 09:55 - 2015-03-13 08:15 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 09:55 - 2015-03-13 08:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 09:55 - 2015-03-13 08:04 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 09:55 - 2015-03-13 08:03 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 09:55 - 2015-03-13 07:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 09:55 - 2015-03-13 07:50 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 09:55 - 2015-03-13 07:46 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 09:55 - 2015-03-13 07:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 09:52 - 2015-03-04 15:55 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 09:52 - 2015-03-04 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 09:52 - 2015-03-04 07:49 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 09:52 - 2015-02-24 14:02 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 18:57 - 2015-04-15 16:14 - 00000000 ____D () C:\AdwCleaner
2015-04-14 18:51 - 2015-04-14 19:05 - 00000579 _____ () C:\WINDOWS\Tasks\RegCure Pro_sch_35EC1A2E-E2A9-11E4-BFA3-0019DE1156B4.job
2015-04-14 18:51 - 2015-04-14 18:51 - 00003990 _____ () C:\WINDOWS\System32\Tasks\RegCure Pro_sch_35EC1A2E-E2A9-11E4-BFA3-0019DE1156B4
2015-04-14 18:41 - 2015-04-14 18:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 18:41 - 2015-04-14 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 16:48 - 2015-04-14 18:41 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-04-14 13:07 - 2015-04-14 13:07 - 00287304 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\TrufosAlt.sys
2015-04-14 11:49 - 2015-04-14 11:49 - 00000688 _____ () C:\Users\****\Documents\Desktop - Shortcut.lnk
2015-04-14 11:23 - 2015-04-14 11:23 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-14 08:13 - 2015-04-15 14:15 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1FC2B96-C7D9-4E36-BD97-26CBEC696494}
2015-04-14 08:07 - 2015-04-14 08:07 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-04-13 19:34 - 2015-04-13 19:34 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-04-13 19:33 - 2015-04-14 17:27 - 00000000 ____D () C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-04-13 17:05 - 2015-04-13 17:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-04-13 17:04 - 2015-04-14 08:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-13 13:33 - 2015-03-05 22:21 - 00066740 ____N () C:\barefoot.720p.BluRay.x264.YIFY.srt
2015-04-13 11:03 - 2015-04-13 11:03 - 00000000 _____ () C:\autoexec.bat
2015-04-12 13:32 - 2015-04-12 13:32 - 00000000 ____D () C:\Users\****\Desktop\New folder
2015-04-12 12:42 - 2015-04-12 12:42 - 00000000 ____D () C:\Users\****\Documents\Freedom Fighters
2015-04-12 10:56 - 2015-04-12 11:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\Audacity
2015-04-12 10:56 - 2015-04-12 10:56 - 00000565 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-04-12 10:56 - 2015-04-12 10:56 - 00000565 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-12 09:15 - 2015-04-12 09:23 - 00001088 _____ () C:\Users\****\Desktop\java.htm
2015-04-11 20:23 - 1997-06-06 15:52 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SPORDER.DLL
2015-04-11 08:43 - 2015-04-11 08:47 - 00000000 ____D () C:\ProgramData\Max Secure
2015-04-10 19:16 - 2015-04-10 19:16 - 00000000 ____D () C:\Users\****\AppData\Roaming\.maltego
2015-04-10 19:16 - 2015-04-10 19:16 - 00000000 ____D () C:\Users\****\.netbeans
2015-04-10 19:06 - 2015-04-10 19:06 - 00000000 ____D () C:\Users\****\dsc
2015-04-10 18:58 - 2015-04-12 19:39 - 00000827 _____ () C:\Users\****\Desktop\Sam Spade 1.14.lnk
2015-04-10 18:58 - 2015-04-10 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blighty Design
2015-04-10 18:53 - 2015-04-10 19:06 - 00000000 ____D () C:\Users\****\vw
2015-04-10 18:53 - 2015-04-10 18:53 - 00000000 ____D () C:\Users\****\eMailTrackerPro
2015-04-10 18:53 - 2015-04-10 18:53 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JufSoft
2015-04-10 18:53 - 2015-04-10 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JufSoft
2015-04-10 18:52 - 2015-04-10 18:53 - 00005640 _____ () C:\WINDOWS\SysWOW64\UNWISE.INI
2015-04-10 18:52 - 2000-12-12 12:12 - 00149504 _____ () C:\WINDOWS\SysWOW64\UNWISE.EXE
2015-04-10 18:50 - 2015-04-10 18:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paterva
2015-04-10 18:50 - 2015-04-10 18:49 - 00411368 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\deployJava1.dll
2015-04-10 18:50 - 2015-04-10 18:49 - 00153376 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaws.exe
2015-04-10 18:50 - 2015-04-10 18:49 - 00145184 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaw.exe
2015-04-10 18:50 - 2015-04-10 18:49 - 00145184 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\java.exe
2015-04-10 18:49 - 2015-04-10 18:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Domain Research Tool
2015-04-10 18:47 - 2015-04-10 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domain Research Tool
2015-04-10 18:44 - 2015-04-10 18:44 - 00000000 ____D () C:\Users\****\Documents\Domain Name Analyzer v6
2015-04-10 18:42 - 2015-04-10 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domain Name Analyzer v6
2015-04-10 18:40 - 2015-04-10 18:40 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-10 18:40 - 2015-04-10 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-10 18:30 - 2015-04-10 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftByte Labs
2015-04-10 16:37 - 2015-04-10 16:37 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NeoTrace Pro
2015-04-10 16:37 - 2015-04-10 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoTrace Pro
2015-04-10 16:35 - 2015-04-10 16:35 - 01645434 _____ () C:\Users\****\Downloads\neotrace-pro [1].exe
2015-04-09 13:28 - 2014-11-23 13:13 - 00100439 _____ () C:\Predestination.2014.720p.BluRay.x264.YIFY.srt
2015-04-09 08:49 - 2015-04-09 08:49 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-09 07:49 - 2015-03-23 04:15 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-09 07:49 - 2015-03-23 03:39 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-09 07:49 - 2015-03-23 03:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-09 07:49 - 2015-03-23 03:39 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-09 07:49 - 2015-03-23 03:39 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-09 07:49 - 2015-03-23 03:39 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-09 07:49 - 2015-03-23 03:39 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-09 07:49 - 2014-12-03 04:39 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-09 07:29 - 2015-03-14 13:50 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-09 07:29 - 2015-03-14 13:43 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-09 07:29 - 2015-02-21 05:19 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-05 19:29 - 2015-04-14 17:07 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-04-05 13:32 - 2015-04-05 13:32 - 00001943 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2015-04-05 13:32 - 2015-04-05 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-04-05 13:32 - 2015-04-05 13:32 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2015-04-04 16:48 - 2015-04-04 16:48 - 00089461 _____ () C:\Users\****\Downloads\[kickass.to]hacker.s.ebooks.black.hat.edited.part.1.torrent
2015-04-04 07:36 - 2015-04-04 07:38 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 07:36 - 2015-04-04 07:36 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 19:12 - 2015-04-03 19:12 - 00001555 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-04-03 13:26 - 2015-04-03 13:26 - 00011971 _____ () C:\Users\****\Downloads\Linux1_64 (1).o
2015-04-03 12:01 - 2015-04-03 12:01 - 00008182 _____ () C:\Users\****\Downloads\Predestination (2014) [720p] YIFY - YTS.torrent
2015-04-02 20:06 - 2015-04-02 20:13 - 21553700 _____ () C:\Users\****\Downloads\NuMegaSmartCheck6.2.rar
2015-04-02 19:13 - 2015-04-02 19:13 - 00000495 _____ () C:\Users\****\Desktop\Hex Editor Neo.lnk
2015-04-02 19:13 - 2015-04-02 19:13 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
2015-04-02 12:41 - 2015-04-02 09:10 - 00069766 _____ () C:\The Mothman Prophecies (2002) [DVDRip.DivX3LM-DiAMOND].srt
2015-04-01 18:08 - 2015-04-01 18:14 - 00105417 _____ () C:\Users\****\Downloads\setup-x86_64.exe
2015-04-01 14:22 - 2014-09-09 03:36 - 00051184 _____ () C:\The.Mechanic.2011.1080p-720p.BluRay.x264.YIFY.Eng.srt
2015-04-01 10:07 - 2015-04-01 10:14 - 08706281 _____ () C:\CISSP-Powerpoints.zip
2015-03-31 17:21 - 2011-12-11 15:53 - 00000000 ____D () C:\john179
2015-03-28 17:45 - 2015-03-28 17:46 - 00000113 _____ () C:\Users\****\Documents\steel.php
2015-03-28 16:48 - 2015-03-28 16:48 - 00523823 _____ () C:\Users\****\Downloads\PHP_LFI.pptx
2015-03-28 11:47 - 2015-03-28 11:47 - 00000000 _____ () C:\Users\****\Downloads\yahoo_contacts.vcf
2015-03-28 11:47 - 2015-03-28 11:47 - 00000000 _____ () C:\Users\****\Downloads\yahoo_contacts (1).vcf
2015-03-28 11:44 - 2015-03-28 11:44 - 00000679 _____ () C:\Users\****\Downloads\yahoo_contacts (4).csv
2015-03-28 11:44 - 2015-03-28 11:44 - 00000679 _____ () C:\Users\****\Downloads\yahoo_contacts (3).csv
2015-03-28 11:41 - 2015-03-28 11:41 - 00000679 _____ () C:\Users\****\Downloads\yahoo_contacts (2).csv
2015-03-28 11:41 - 2015-03-28 11:41 - 00000679 _____ () C:\Users\****\Downloads\yahoo_contacts (1).csv
2015-03-28 11:34 - 2015-03-28 11:35 - 00000679 _____ () C:\Users\****\Downloads\yahoo_contacts.csv
2015-03-25 18:36 - 2015-03-25 18:36 - 00037874 _____ () C:\Users\****\Downloads\index (1).html
2015-03-24 12:51 - 2015-03-24 12:51 - 00055208 _____ () C:\Users\****\Downloads\Log in.html
2015-03-23 16:20 - 2015-03-23 16:20 - 00003128 _____ () C:\WINDOWS\System32\Tasks\USER_ESRV_SVC
2015-03-23 16:19 - 2015-03-23 16:19 - 00002073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2015-03-23 16:19 - 2015-03-23 16:19 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-03-23 16:12 - 2014-06-17 16:44 - 00873688 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-03-23 16:12 - 2014-06-17 16:44 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-03-20 18:10 - 2014-10-29 15:01 - 00931032 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2015-03-20 18:10 - 2014-10-29 15:01 - 00437976 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2015-03-20 18:10 - 2014-10-29 15:01 - 00359128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2015-03-20 18:10 - 2014-10-29 15:01 - 00031448 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2015-03-20 17:06 - 2015-03-20 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-03-20 16:51 - 2015-04-15 16:26 - 00000000 ____D () C:\Users\****\OWASP ZAP
2015-03-20 16:50 - 2015-03-20 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OWASP
2015-03-18 12:55 - 2015-03-18 12:55 - 00040250 _____ () C:\Users\****\Downloads\10k most common.zip
2015-03-17 13:22 - 2015-03-17 13:22 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-15 13:59 - 2015-03-15 13:59 - 00047873 _____ () C:\Users\****\Documents\the-ghost-writer-english-yify-1962.zip
2015-03-15 13:59 - 2013-12-03 01:18 - 00123088 ____N () C:\Users\****\Documents\the-ghost-writer-yify-english.srt
2015-03-15 11:57 - 2015-03-15 11:58 - 00099025 _____ () C:\Users\****\Downloads\1_jewel_mania_halloween.apk
2015-03-13 11:14 - 2015-03-13 11:14 - 00014144 _____ () C:\Users\****\Downloads\[kickass.to]the.girl.who.played.with.fire.2009.720p.brrip.ali.baloch.silver.rg.torrent
2015-03-13 11:05 - 2015-03-13 11:05 - 00016074 _____ () C:\Users\****\Downloads\84B4D8A6DEB37703065DCB53A7019313D9858D21.torrent
2015-03-13 11:05 - 2015-03-13 11:05 - 00008215 _____ () C:\Users\****\Downloads\704C142E21D341CDD160144C77205911AA3FD8B5.torrent
2015-03-13 10:51 - 2015-03-13 10:52 - 00013956 _____ () C:\Users\****\Downloads\F2CD08296A3214FDB1A477AF36EAC66620310FE8.torrent
2015-03-13 10:50 - 2015-03-13 10:50 - 00017840 _____ () C:\Users\****\Downloads\A9C35F07BF9D650054D0EDE786C00A76560D6A02.torrent
2015-03-12 19:11 - 2015-03-12 19:12 - 02171904 _____ () C:\Users\****\Downloads\psj06johns-e.ppt
2015-03-12 19:11 - 2015-03-12 19:11 - 00493568 _____ () C:\Users\****\Downloads\UGF9900_Huff-UGF9900--top-10-web-security-vulnerabilities.ppt
2015-03-12 19:03 - 2015-03-12 19:03 - 00269312 _____ () C:\Users\****\Downloads\2_OWASP_Egypt_12_4_2014_Fady_Othman.ppt
2015-03-12 18:38 - 2015-03-13 10:18 - 00736937 _____ () C:\Users\****\Desktop\chhrist2.psd
2015-03-12 16:11 - 2015-03-12 16:11 - 00252653 _____ () C:\Users\****\Downloads\ncEE9GoRi-
2015-03-12 13:45 - 2015-03-12 13:54 - 00188352 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-03-12 13:00 - 2015-03-12 13:00 - 00000786 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-03-12 13:00 - 2015-03-12 13:00 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-12 12:59 - 2015-03-12 12:59 - 00000731 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-03-12 12:58 - 2015-03-12 12:58 - 00000756 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-03-12 12:57 - 2015-03-12 12:57 - 00000703 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-03-12 12:51 - 2015-03-12 12:51 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-03-12 12:50 - 2015-03-12 12:50 - 00001552 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-03-12 12:48 - 2015-03-12 13:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-11 18:33 - 2015-02-04 05:28 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 18:33 - 2015-02-04 05:28 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 18:33 - 2015-02-04 05:28 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 18:25 - 2015-02-06 01:54 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 18:25 - 2015-01-30 08:31 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 18:25 - 2015-01-30 08:30 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-10 19:14 - 2015-03-12 11:03 - 00520281 _____ () C:\Users\****\Downloads\ROLE OF ETHICS IN SPORTS (1).pptx
2015-03-10 19:14 - 2015-03-10 19:14 - 00545523 _____ () C:\Users\****\Downloads\ROLE OF ETHICS IN SPORTS.pptx
2015-03-09 20:10 - 2015-03-09 20:10 - 00070688 _____ () C:\Users\****\Downloads\Drive increaser.rar
2015-03-09 18:51 - 2015-03-09 18:51 - 00002558 _____ () C:\Users\****\Documents\d3fAc3 protected.pfx
2015-03-09 12:44 - 2015-03-09 12:44 - 00000513 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-09 12:13 - 2015-03-09 12:13 - 00000000 ____D () C:\ProgramData\HTC
2015-03-09 09:00 - 2015-03-09 09:00 - 00009242 _____ () C:\Users\****\Downloads\[kickass.to]birdman.2014.720p.brrip.x264.yify.torrent
2015-03-09 08:36 - 2015-03-09 08:36 - 00247296 _____ () C:\Users\****\Downloads\ModuleDLesson3.ppt
2015-03-09 08:36 - 2015-03-09 08:36 - 00105472 _____ () C:\Users\****\Downloads\IHSA-Ethical_Considerations_in_Training_and_Competition.ppt
2015-03-09 08:23 - 2015-03-09 08:25 - 03366912 _____ () C:\Users\****\Downloads\Sports Ethics.ppt
2015-03-08 22:55 - 2015-03-08 22:55 - 00015904 _____ () C:\Users\****\Downloads\7A108736D5793B8CD6CF8195DAF0002E7F0E26FD.torrent
2015-03-08 22:53 - 2015-03-08 22:53 - 00016052 _____ () C:\Users\****\Downloads\7E1922F7084FB8E5D33297E5C06B94C4CE1B1B52.torrent
2015-03-08 10:31 - 2015-03-03 06:09 - 00000000 ____D () C:\Users\****\Downloads\wpscanteam-wpscan-aed74e0
2015-03-08 09:28 - 2015-03-08 09:28 - 00809212 _____ () C:\Users\****\Downloads\wpscanteam-wpscan-2.6-54-gaed74e0.zip
2015-03-06 19:53 - 2015-03-06 19:54 - 00006493 _____ () C:\Users\****\Downloads\htpasswd.tgz
2015-03-06 19:51 - 2015-03-06 19:51 - 00000026 _____ () C:\Users\****\Downloads\htpasswd
2015-03-05 19:53 - 2015-03-05 19:53 - 00000924 _____ () C:\Users\****\Downloads\18126 (1).txt
2015-03-05 19:50 - 2015-03-05 19:50 - 00000924 _____ () C:\Users\****\Downloads\18126.txt
2015-03-04 13:29 - 2015-03-04 13:29 - 00000074 _____ () C:\Users\****\Downloads\download
2015-03-04 12:09 - 2015-03-04 12:09 - 00002733 _____ () C:\Users\****\Downloads\jokerGirl.html
2015-03-02 13:23 - 2015-03-02 13:23 - 00005958 _____ () C:\Users\****\Desktop\1258095767.txt
2015-03-01 19:07 - 2015-03-01 19:07 - 00000591 _____ () C:\Users\****\Downloads\error_log
2015-03-01 18:59 - 2015-03-01 18:59 - 00000028 _____ () C:\Users\****\Downloads\index (1).php
2015-03-01 12:36 - 2015-03-01 12:36 - 00439591 _____ () C:\Users\****\Downloads\Beautiful_Bastard.epub
2015-02-27 20:33 - 2015-02-27 20:33 - 00000268 _____ () C:\Users\****\Downloads\user-edit.php
2015-02-27 20:32 - 2015-02-27 20:32 - 00000841 _____ () C:\Users\****\Downloads\admin.php
2015-02-27 20:30 - 2015-02-27 20:31 - 00033435 _____ () C:\Users\****\Downloads\wp-login.php
2015-02-27 16:49 - 2015-02-27 16:49 - 00386047 _____ () C:\Users\****\Downloads\TheCritiqueofPracticalReason by Immanuel Kant.txt
2015-02-27 08:55 - 2015-02-27 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-27 08:55 - 2015-02-27 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-02-26 22:44 - 2015-02-26 22:45 - 00431127 _____ () C:\Users\****\Downloads\Trust Me, I'm Lying - Mary Elizabeth Summer.epub
2015-02-26 22:21 - 2015-02-26 22:21 - 00188928 _____ () C:\Users\****\Downloads\EMAIL.xls
2015-02-25 17:36 - 2015-02-25 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnrealIRCd
2015-02-25 17:26 - 2015-02-25 17:27 - 01742219 _____ (UnrealIRCd Team ) C:\Users\****\Downloads\Unreal3.2.10.4.exe
2015-02-21 18:08 - 2015-02-21 18:08 - 00001685 _____ () C:\Users\****\Downloads\index.html
2015-02-20 10:37 - 2015-02-20 10:37 - 00000232 _____ () C:\Users\****\Downloads\backdoor (1).php
2015-02-19 18:42 - 2015-02-19 18:42 - 00001104 _____ () C:\Users\****\Downloads\download.txt
2015-02-19 11:44 - 2015-02-19 11:44 - 00708096 _____ () C:\Users\****\Downloads\Chandigarh 2012-IInd Group.xls
2015-02-19 11:43 - 2015-02-19 11:44 - 00174592 _____ () C:\Users\****\Downloads\CTS_hyderabad_data.xls
2015-02-19 11:43 - 2015-02-19 11:44 - 00152064 _____ () C:\Users\****\Downloads\infosys_nellore.xls
2015-02-19 10:57 - 2015-02-19 10:57 - 00001933 _____ () C:\Users\Public\Desktop\Email Extractor.lnk
2015-02-19 10:57 - 2015-02-19 10:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\WebProSoftware
2015-02-19 10:57 - 2015-02-19 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Email Extractor
2015-02-19 10:56 - 2015-02-19 10:57 - 00000000 __HDC () C:\ProgramData\{D2F7B5EC-7B66-448E-8C55-04557B5D558E}
2015-02-19 08:31 - 2015-02-19 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uplink
2015-02-18 19:35 - 2015-02-18 19:35 - 00000246 _____ () C:\Users\****\Downloads\backdoor.php
2015-02-18 11:24 - 2015-02-18 11:26 - 06718759 _____ () C:\Users\****\Downloads\wordpress-4.1.zip
2015-02-17 10:58 - 2015-02-17 11:07 - 34324222 _____ () C:\Users\****\Downloads\torbrowser-install-4.0.3_en-US (1).exe
2015-02-16 21:00 - 2015-02-16 21:00 - 00025394 _____ () C:\Users\****\Downloads\hydra-4.6-palm.zip
2015-02-12 20:21 - 2015-02-12 20:21 - 00011563 _____ () C:\Users\****\Desktop\Technical Writer.xlsx
2015-02-12 20:19 - 2015-02-13 23:32 - 00011500 _____ () C:\Users\****\Desktop\Tech Lead Status.xlsx
2015-02-12 19:12 - 2015-02-12 19:47 - 00011119 _____ () C:\Users\****\Downloads\Relevant Candidate.xlsx
2015-02-11 08:52 - 2015-01-16 04:13 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 08:52 - 2015-01-16 04:13 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-09 20:13 - 2015-02-09 20:13 - 00001065 _____ () C:\Users\****\Downloads\7587.txt
2015-02-09 17:06 - 2015-02-09 17:06 - 00014336 _____ () C:\Users\****\Downloads\en-GB.ini
2015-02-07 17:01 - 2015-02-07 17:01 - 00008043 _____ () C:\Users\****\Downloads\download (1).htm
2015-02-06 16:28 - 2015-02-06 16:28 - 00011971 _____ () C:\Users\****\Downloads\Linux1_64.o
2015-02-03 20:47 - 2015-02-03 20:47 - 00000000 ____D () C:\Users\****\AppData\Local\Intel
2015-02-03 20:44 - 2015-02-03 20:44 - 00001195 _____ () C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-02-03 20:44 - 2015-02-03 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-02-03 15:43 - 2014-10-29 09:29 - 00014144 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2015-02-03 15:43 - 2014-10-29 09:28 - 00014528 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2015-02-03 15:43 - 2014-09-25 09:12 - 00373568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-02-03 15:42 - 2014-10-15 14:02 - 02025792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-02-03 15:41 - 2014-10-29 09:27 - 01552704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-02-03 15:41 - 2014-10-29 09:27 - 00389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-02-03 15:41 - 2014-10-07 12:14 - 00533824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-02-03 15:40 - 2014-10-29 09:29 - 00415040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-02-03 15:40 - 2014-10-29 08:16 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2015-02-03 15:40 - 2014-10-15 14:02 - 00337728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2015-02-03 15:40 - 2014-10-08 13:03 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-02-03 15:40 - 2014-10-08 13:02 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-02-03 15:40 - 2014-09-27 10:29 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-02-03 15:39 - 2014-10-29 08:16 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2015-02-03 15:39 - 2014-10-29 08:16 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2015-02-03 15:39 - 2014-10-29 08:15 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-02-03 15:39 - 2014-10-08 14:54 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-02-03 15:39 - 2014-08-26 09:00 - 00354112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2015-02-03 15:38 - 2014-10-29 09:26 - 00089368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2015-02-03 15:38 - 2014-10-29 09:22 - 00100672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2015-02-03 15:38 - 2014-10-29 08:17 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2015-02-03 15:38 - 2014-10-29 08:16 - 00272384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-02-03 15:38 - 2014-10-29 08:15 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2015-02-03 15:38 - 2014-10-29 08:15 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2015-02-03 15:38 - 2014-10-29 08:15 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rassstp.sys
2015-02-03 15:38 - 2014-10-15 14:02 - 00921920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2015-02-03 15:38 - 2014-10-15 14:02 - 00088896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2015-02-03 15:38 - 2014-10-15 14:02 - 00061248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2015-02-03 15:38 - 2014-10-07 12:14 - 00102208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-02-03 15:37 - 2014-10-29 09:43 - 00021824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2015-02-03 15:37 - 2014-10-29 09:39 - 00033600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-02-03 15:37 - 2014-10-29 09:27 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-02-03 15:37 - 2014-10-29 09:26 - 00097048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2015-02-03 15:37 - 2014-10-29 09:26 - 00061208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2015-02-03 15:37 - 2014-10-29 09:26 - 00049944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2015-02-03 15:37 - 2014-10-29 09:26 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-02-03 15:37 - 2014-10-29 08:17 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2015-02-03 15:37 - 2014-10-29 08:16 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2015-02-03 15:37 - 2014-10-29 08:16 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2015-02-03 15:37 - 2014-10-29 08:16 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2015-02-03 15:37 - 2014-10-29 08:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2015-02-03 15:37 - 2014-10-29 08:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-02-03 15:37 - 2014-10-29 08:15 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2015-02-03 15:37 - 2014-10-07 12:24 - 00324928 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-02-03 15:37 - 2014-10-07 12:24 - 00189248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2015-02-03 15:37 - 2014-10-07 12:14 - 00069952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2015-02-03 15:37 - 2014-06-21 13:03 - 00212736 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-02-03 15:36 - 2014-10-29 08:18 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2015-02-03 15:36 - 2014-10-29 08:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2015-02-03 15:36 - 2014-10-29 08:17 - 00098304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2015-02-03 15:36 - 2014-10-29 08:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\qwavedrv.sys
2015-02-03 15:36 - 2014-10-29 08:16 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-02-03 15:36 - 2014-10-29 08:16 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-02-03 15:36 - 2014-10-29 08:16 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-02-03 15:36 - 2014-10-29 08:16 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiscap.sys
2015-02-03 15:36 - 2014-10-29 08:16 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2015-02-03 15:36 - 2014-10-29 08:16 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbGD.sys
2015-02-03 15:36 - 2014-10-29 08:15 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-02-03 15:36 - 2014-10-29 08:15 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2015-02-03 15:36 - 2014-10-29 08:15 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mslldp.sys
2015-02-03 10:03 - 2015-02-03 10:03 - 00019603 _____ () C:\Users\****\Downloads\[kickass.so]duplicity.2009.1080p.brrip.x264.yify.torrent
2015-01-31 18:16 - 2015-01-31 18:16 - 00000658 _____ () C:\Users\****\dont marry.txt
2015-01-31 16:23 - 2015-01-31 17:41 - 00013957 _____ () C:\Users\****\Downloads\Book3.xlsx
2015-01-31 16:23 - 2015-01-31 17:39 - 00014967 _____ () C:\Users\****\Downloads\Book1.xlsx
2015-01-29 17:30 - 2015-02-02 17:28 - 00000000 ____D () C:\Users\****\Desktop\wp-config_files
2015-01-29 08:20 - 2015-01-29 08:20 - 00030240 _____ () C:\Users\****\Downloads\index.php
2015-01-29 08:18 - 2015-01-29 08:18 - 00002987 _____ () C:\Users\****\Downloads\8YXD.htm
2015-01-29 08:17 - 2015-01-29 08:17 - 00016629 _____ () C:\Users\****\Downloads\hell-yeah-rev-theory-mp3-download.html
2015-01-28 10:42 - 2015-01-28 10:43 - 00019038 _____ () C:\Users\****\Downloads\89A93628B9A8343203525D444AD7FFEDECA6DCFE.torrent
2015-01-27 22:19 - 2015-01-27 22:19 - 00011470 _____ () C:\Users\****\Desktop\Leave  Format.xlsx
2015-01-27 21:48 - 2015-01-27 22:18 - 00011472 _____ () C:\Users\****\Downloads\Leave Format.xlsx
2015-01-27 12:42 - 2015-01-27 12:42 - 00001328 _____ () C:\Users\****\cpanel.txt
2015-01-26 10:52 - 2015-01-26 10:52 - 00000053 _____ () C:\Users\****\Downloads\google810830897e7fa122 (2).html
2015-01-25 10:40 - 2015-01-25 10:41 - 00000246 _____ () C:\Users\****\Desktop\backdoor.php
2015-01-24 16:07 - 2015-01-24 16:07 - 00002792 _____ () C:\Users\****\Downloads\99811.torrent
2015-01-24 13:41 - 2015-01-24 13:41 - 00083578 _____ () C:\Users\****\Downloads\UplinkBoBCodeCard.7z
2015-01-23 21:06 - 2015-01-23 21:07 - 00000549 _____ () C:\Users\****\Downloads\oebs_list.htm
2015-01-23 19:59 - 2015-01-23 19:59 - 00257618 _____ () C:\Users\****\Downloads\social-media-auto-publish.1.3.2.zip
2015-01-23 19:13 - 2015-01-23 19:13 - 01281376 _____ () C:\Users\****\Downloads\social-media-share-widget.zip
2015-01-23 19:10 - 2015-01-23 19:11 - 02166259 _____ () C:\Users\****\Downloads\viral-social-media-buttons-by-up.zip
2015-01-23 19:05 - 2015-01-23 19:06 - 01119060 _____ () C:\Users\****\Downloads\squirrly-seo.zip
2015-01-23 19:00 - 2015-01-23 19:00 - 00618958 _____ () C:\Users\****\Downloads\network-publisher.6.0.zip
2015-01-23 18:58 - 2015-01-23 18:58 - 00871856 _____ () C:\Users\****\Downloads\share-this.zip
2015-01-23 18:36 - 2015-01-23 18:36 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-23 18:36 - 2015-01-23 18:36 - 00000847 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-23 18:36 - 2015-01-23 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-23 18:32 - 2015-01-23 18:32 - 00018124 _____ () C:\Users\****\Downloads\[kickass.so]the.prestige.2006.720p.bluray.x264.anoxmous.torrent
2015-01-22 16:35 - 2015-01-22 16:35 - 00726024 _____ () C:\Users\****\Downloads\sela-wpcom-1-0.zip
2015-01-22 16:18 - 2015-01-22 16:18 - 00018013 _____ () C:\Users\****\Downloads\feelingelite.wordpress.2015-01-22.xml
2015-01-22 11:07 - 2015-01-22 11:07 - 01244405 _____ () C:\Users\****\Desktop\cream.php
2015-01-22 10:02 - 2015-01-22 10:02 - 00000872 _____ () C:\Users\****\Desktop\µTorrent.lnk
2015-01-21 08:22 - 2015-01-21 08:24 - 00000000 ____D () C:\Users\****\AppData\Roaming\WiseUpdate
2015-01-21 07:01 - 2015-01-21 07:01 - 00681688 _____ (Inventec ) C:\WINDOWS\system32\Drivers\rtlh64.sys
2015-01-17 18:14 - 2015-04-14 17:10 - 00000358 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2015-01-17 18:14 - 2015-04-14 09:57 - 00003008 _____ () C:\WINDOWS\System32\Tasks\Wise Turbo Checker
2015-01-16 20:40 - 2015-01-16 20:40 - 00000000 ____D () C:\Users\****\.areca
2015-01-15 20:10 - 2015-02-23 11:26 - 00000000 ____D () C:\Users\****\workspace
2015-01-15 20:10 - 2015-02-23 11:17 - 00000000 ____D () C:\Users\****\AppData\Local\Eclipse
2015-01-15 20:09 - 2015-02-23 11:16 - 00000000 ____D () C:\Users\****\Desktop\eclipse
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:05 - 2014-02-01 20:00 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002UA.job
2015-04-15 17:05 - 2013-12-13 18:29 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-342642988-3338087968-1028205921-1002
2015-04-15 17:00 - 2014-02-12 14:33 - 00000000 ____D () C:\Users\****
2015-04-15 16:58 - 2014-04-26 18:08 - 00000000 ____D () C:\Users\****\AppData\Roaming\VMware
2015-04-15 16:58 - 2014-04-26 18:08 - 00000000 ____D () C:\Users\****\AppData\Local\VMware
2015-04-15 16:57 - 2014-02-01 10:04 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002UA.job
2015-04-15 16:45 - 2014-11-12 07:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-15 16:32 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-15 16:21 - 2013-11-14 12:59 - 00960840 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-15 16:17 - 2015-01-23 18:45 - 01659406 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-15 16:17 - 2014-09-10 17:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 16:17 - 2013-12-13 21:36 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 16:16 - 2014-03-04 17:58 - 00000000 ___DO () C:\Users\****\SkyDrive
2015-04-15 16:15 - 2014-10-20 22:24 - 00000438 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-15 16:15 - 2014-05-01 18:21 - 00000274 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-04-15 16:15 - 2014-04-26 18:01 - 00000000 ____D () C:\ProgramData\VMware
2015-04-15 16:15 - 2013-12-13 21:36 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 16:15 - 2013-08-22 20:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 16:02 - 2013-12-15 20:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\DMCache
2015-04-15 16:02 - 2013-12-14 12:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\uTorrent
2015-04-15 16:01 - 2013-12-16 21:28 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2015-04-15 11:50 - 2014-03-27 21:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:50 - 2013-12-21 12:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 11:49 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 11:41 - 2013-08-22 18:55 - 00000167 _____ () C:\WINDOWS\win.ini
2015-04-15 11:41 - 2012-07-26 13:29 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 10:41 - 2014-03-22 18:01 - 00000000 ____D () C:\Users\****\AppData\Roaming\IDM
2015-04-15 10:01 - 2013-12-14 09:43 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2015-04-14 23:53 - 2014-11-12 07:13 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:05 - 2014-02-01 20:00 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002Core.job
2015-04-14 19:41 - 2012-07-26 13:42 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-04-14 18:57 - 2014-02-01 10:04 - 00000866 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002Core.job
2015-04-14 17:11 - 2014-08-22 08:53 - 00000000 ____D () C:\Users\****\AppData\Roaming\Atheros
2015-04-14 17:07 - 2015-03-09 12:13 - 00000000 ____D () C:\Temp
2015-04-14 17:07 - 2015-01-30 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 17:07 - 2014-09-27 11:43 - 00000000 ____D () C:\Users\****\.VirtualBox
2015-04-14 17:07 - 2012-08-03 07:49 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-04-14 17:07 - 2012-08-03 07:47 - 00000000 ____D () C:\ProgramData\install_clap
2015-04-14 11:55 - 2013-12-13 18:29 - 00000000 ____D () C:\Users\****\Documents\Bluetooth Folder
2015-04-14 08:08 - 2014-08-24 14:20 - 00000000 ____D () C:\Program Files\SecurityKISS Tunnel
2015-04-13 20:25 - 2014-02-01 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\cache
2015-04-13 13:29 - 2014-05-05 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 12:26 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-11 14:56 - 2014-09-30 19:03 - 00000000 ____D () C:\Users\****\Desktop\tabphis
2015-04-11 14:37 - 2013-08-22 20:14 - 05125808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-10 18:39 - 2014-04-21 18:49 - 00000000 ____D () C:\Program Files\java
2015-04-10 16:40 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\System
2015-04-10 10:20 - 2014-02-16 12:06 - 00000000 ____D () C:\Users\****\Desktop\Bloggers
2015-04-10 10:14 - 2014-07-07 09:34 - 00000000 ___HD () C:\Users\****\Desktop\.picasaoriginals
2015-04-10 08:18 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-09 13:29 - 2014-02-26 20:38 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-09 08:56 - 2014-09-15 20:24 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-04-09 08:52 - 2013-08-22 18:55 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-09 08:49 - 2015-02-03 16:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-06 18:27 - 2014-12-18 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\CyberGhost
2015-04-05 12:51 - 2014-09-16 18:57 - 00002588 _____ () C:\Users\****\advanced_ip_scanner_MAC.bin
2015-04-03 23:29 - 2014-03-06 13:03 - 00000000 ____D () C:\Users\****\Desktop\JOBS APPLIED
2015-04-03 19:13 - 2014-09-19 11:32 - 00000000 ____D () C:\Program Files\Wireshark
2015-04-02 19:13 - 2014-08-09 10:58 - 00000000 __SHD () C:\Users\Public\DRM
2015-04-01 17:47 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-01 11:16 - 2013-12-21 12:07 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-28 21:54 - 2013-12-20 10:59 - 00000000 ____D () C:\Users\****\Desktop\smu sample papers
2015-03-28 20:19 - 2014-04-21 18:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-28 11:48 - 2014-03-28 11:29 - 00000000 ____D () C:\Users\****\Documents\Outlook Files
2015-03-28 10:50 - 2014-08-16 11:09 - 00000000 ____D () C:\Users\****\.zenmap
2015-03-24 07:35 - 2013-12-15 22:22 - 00000000 ____D () C:\Update
2015-03-23 16:19 - 2012-07-26 08:41 - 00000000 ____D () C:\Program Files\Sony
2015-03-23 16:17 - 2014-07-24 22:04 - 00013792 _____ () C:\WINDOWS\system32\Drivers\semav6thermal64ro.sys
2015-03-23 16:13 - 2012-08-03 07:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-23 16:12 - 2012-08-03 07:21 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-17 13:22 - 2014-08-08 12:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Notepad++
 
==================== Files in the root of some directories =======
 
2014-10-22 18:50 - 2014-10-22 18:50 - 0000268 ___RH () C:\Users\****\AppData\Roaming\Fonts
2014-10-22 18:51 - 2014-10-22 18:51 - 0000268 ___RH () C:\Users\****\AppData\Roaming\Framework
2014-10-22 18:50 - 2014-10-22 18:50 - 0000268 ___RH () C:\Users\****\AppData\Roaming\Frameworks
2015-04-14 13:31 - 2015-04-14 18:52 - 0000115 _____ () C:\Users\****\AppData\Roaming\LogFile.txt
2014-10-29 22:56 - 2014-10-29 22:56 - 0000218 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-03-24 21:43 - 2014-05-02 11:40 - 0007606 _____ () C:\Users\****\AppData\Local\Resmon.ResmonCfg
2013-12-14 09:29 - 2013-12-14 11:38 - 0001600 _____ () C:\ProgramData\1386993543.1308.bin
2013-12-14 09:29 - 2013-12-14 09:29 - 0015338 _____ () C:\ProgramData\1386993543.1688.bin
2013-12-14 09:29 - 2013-12-14 09:46 - 0006051 _____ () C:\ProgramData\1386993543.2036.bin
2013-12-14 09:29 - 2013-12-14 09:46 - 0133225 _____ () C:\ProgramData\1386993543.2316.bin
2013-12-14 09:29 - 2013-12-14 09:46 - 0003005 _____ () C:\ProgramData\1386993543.2584.bin
2013-12-14 09:29 - 2013-12-14 09:29 - 0007746 _____ () C:\ProgramData\1386993543.288.bin
2013-12-14 09:46 - 2013-12-14 09:46 - 0047862 _____ () C:\ProgramData\1386993543.3032.bin
2013-12-14 09:29 - 2013-12-14 09:46 - 0093069 _____ () C:\ProgramData\1386993543.3464.bin
2013-12-14 09:29 - 2013-12-14 09:46 - 0000991 _____ () C:\ProgramData\1386993543.4780.bin
2013-12-14 09:29 - 2013-12-14 11:38 - 0000739 _____ () C:\ProgramData\1386993543.6044.bin
2013-12-14 09:29 - 2013-12-14 11:38 - 0000738 _____ () C:\ProgramData\1386993543.916.bin
2013-12-14 12:50 - 2013-12-14 12:50 - 0665130 _____ () C:\ProgramData\1387003648.bdinstall.bin
2014-02-11 23:34 - 2014-02-11 23:34 - 0000502 _____ () C:\ProgramData\1392141847.bdinstall.bin
2014-02-15 20:48 - 2014-02-15 20:48 - 0266665 _____ () C:\ProgramData\1392477327.bdinstall.bin
2014-10-22 18:50 - 2014-10-22 18:50 - 0000268 ___RH () C:\ProgramData\Funk Animals
2014-10-22 18:51 - 2014-10-22 18:51 - 0000268 ___RH () C:\ProgramData\Galactic Static
2014-10-22 18:50 - 2014-10-22 18:50 - 0000268 ___RH () C:\ProgramData\Galaxy Swirl
2014-10-22 18:51 - 2014-10-22 18:51 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-10-22 18:50 - 2014-10-29 12:59 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-22 18:50 - 2014-10-22 18:50 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
 
Files to move or delete:
====================
C:\Users\****\.exe
C:\Users\****\x.exe
 
 
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\dllnt_dump.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\sqlite3.dll
C:\Users\****\AppData\Local\Temp\Update.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUH.dll
C:\Windows\System32\BDSandBoxUISkin.dll
C:\Windows\System32\BDSandBoxUISkin32.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-15 11:36
 
==================== End Of Log ============================
 
And here's Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015
Ran by **** at 2015-04-15 17:15:57
Running from C:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced IP Scanner 2.3 (HKLM-x32\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{41123708-D150-432C-9F15-EC80C079AB52}) (Version: 6.1.1.105 - ArcSoft)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BlackWidow version 6.28 (HKLM-x32\...\{69A7A3D0-AE00-4C7E-83AC-61804FA9B7ED}_is1) (Version: 6.28 - Softbyte Labs, Inc.)
Cain & Abel v4.9.43 (HKLM-x32\...\Cain & Abel v4.9.43) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Domain Name Analyzer v6.010311 (HKLM-x32\...\Domain Name Analyzer v6_is1) (Version:  - Softnik Technologies)
EaseUS Todo Backup Free 7.5  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 7.5 - CHENGDU YIWO Tech Development Co., Ltd)
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.5 - WebPro Solutions)
Email Extractor (x32 Version: 5.5 - WebPro Solutions) Hidden
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.3 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HHD Software Hex Editor Neo 6.10 (HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.10.5.5341 - HHD Software, Ltd.)
Hide IP Easy (HKLM-x32\...\HideIPEasy) (Version: 5.1.9.6 - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jkain (HKLM-x32\...\{A2F1A7C7-DAD1-4C5D-811C-8B0B0E65756D}) (Version: 1.0.0 - Tim Jansson)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{D8D25854-D7F0-45C5-8702-D650A5A23E21}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MySQL Server 5.0 (HKLM-x32\...\{3C830C70-16E8-4FDA-BDF2-3CE38518AF25}) (Version: 5.0.41 - MySQL AB)
MySQL Server 5.1 (HKLM-x32\...\{FE24DFB1-C67A-41A8-862A-581273D017B2}) (Version: 5.1.73 - Oracle Corporation)
MySQL Server 5.6 (HKLM-x32\...\{75DD19E9-BB93-4B9F-9077-FFA73306FC1B}) (Version: 5.6.17 - Oracle Corporation)
NeoTrace Pro 3.25 Trial (HKLM-x32\...\NeoTrace Pro 3.25 Trial) (Version:  - )
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
NetCut 2.1.4 (HKLM-x32\...\NetCut_is1) (Version:  - arcai.com)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.60.0 - Nokia) Hidden
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.6.6.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.49 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.13 - Symantec Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I601  (HKLM\...\OpenVPN) (Version: 2.3.6-I601 - )
OWASP ZAP 2.3.1 (HKLM-x32\...\OWASP ZAP_is1) (Version:  - psiinon@gmail.com)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.1 - Nikon)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.4.0 (64-bit) (HKLM\...\{863162A8-ECC2-35EA-BDF7-E09AC456E164}) (Version: 3.4.150 - Python Software Foundation)
Python Tools 2.0 for Visual Studio 2013 (HKLM-x32\...\{C6194158-B96A-4EB4-A7E9-ED894DD3B989}) (Version: 2.0.11016.00 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.28150 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.14.0 - ParetoLogic, Inc.) <==== ATTENTION!
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Turbo C++ 3.0 Windows 7 Windows 8 64Bit Version (HKLM-x32\...\Turbo C++ 3.0 Windows 7 Windows 8 64Bit Version) (Version: 00.03.00.01 - Techapple.Net)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplink (HKLM-x32\...\Uplink) (Version:  - )
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCMMx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vega 1.0 (HKLM-x32\...\Vega) (Version: 1.0 - Subgraph)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.2 - Nikon)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.4 - VMware, Inc)
VMware Workstation (Version: 10.0.4 - VMware, Inc.) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WhereIsIP (HKLM-x32\...\WhereIsIP) (Version:  - )
Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows Driver Package - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (07/15/2013 10.0.0.260) (HKLM\...\FF9ECD00DD25FDB7D3208607214790302878ACBE) (Version: 07/15/2013 10.0.0.260 - Qualcomm Atheros Communications Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, http://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> E:\hex editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> E:\hex editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> E:\hex editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> E:\hex editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> E:\hex editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> E:\hex editor\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-342642988-3338087968-1028205921-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\****\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
11-04-2015 08:49:57 Installed Spyware Detector
12-04-2015 17:13:01 Removed ProxyCap
13-04-2015 15:50:31 Windows Modules Installer
13-04-2015 15:55:20 Windows Modules Installer
13-04-2015 19:33:38 Installed SpyHunter
14-04-2015 08:08:29 Removed IPTInstaller
14-04-2015 17:20:33 Removed IPTInstaller
14-04-2015 17:21:53 Removed SpyHunter
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2015-04-14 17:13 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07842345-B3C5-4BED-9319-ADAA7DC03EB1} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {104BEBCA-37CA-4B14-ABDA-3607399303B6} - System32\Tasks\{B027D141-2320-4025-B834-D7BDB10892FA} => pcalua.exe -a "F:\my pdfs (USER-PC)\hacking\CEHv7\Hide Your IP Address v1.0\Keygen\ Keygen.exe" -d "F:\my pdfs (USER-PC)\hacking\CEHv7\Hide Your IP Address v1.0\Keygen"
Task: {26199FE2-C0A1-4C14-BE9F-A3355E4CAB79} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {295F2FE9-DEF5-49A3-A405-86A51DAB42FA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2972A16B-9633-4B4B-BBC0-4DA966123BBB} - System32\Tasks\{FF0FA7BA-B204-478A-B04F-55B9B6B6B800} => pcalua.exe -a "C:\Program Files (x86)\HideIPEasy\uninst.exe"
Task: {299C8FE2-424E-4C48-8215-93A9C9881AA1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {2B99E64D-0E30-48B6-BA7E-F8B0E2A051F0} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {304150C3-8827-404D-81C4-972BD3D5FC5F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {3133CDCA-3C13-40BB-A438-C421F2DBBDF9} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3751C6BB-BB01-4209-93D4-F4AC1AA4CD13} - System32\Tasks\Wise Turbo Checker => E:\Wise Care 365 (USER-PC)\WiseTurbo.exe
Task: {3999185A-6FB0-476B-B72A-202700791FA3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {423FE85E-EE8E-42C3-AB7C-8C59FA40AC21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4EA23C43-A362-4EE3-BF24-9CB6C90C8F49} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {5774FDF9-B0DC-445A-A149-2DB9051FF512} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {5D3621BE-CC90-42C3-A4A0-6481549F6B92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {699174A8-B876-4FED-80A6-DA49168BA979} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {6A0A4ECA-407F-4A96-8054-F30FD5746B89} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002UA => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {771EB43D-515C-4515-9C7B-3EE9FC8E6AAA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7C414834-7693-43BA-AAFF-DE221DA7DA32} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {7FC674F1-6ACD-40D9-9594-9C5913A3A97E} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {8958A7FE-8FBA-45A6-8336-B2EDAA9D54B1} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8E697881-AE67-439D-8F10-957680C9E0A7} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8E8E4EC3-9057-4C54-8490-77C7D4DC0EA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {8F9DF927-FAA0-4D1C-8C23-1F0EDCE9DFC5} - System32\Tasks\{81F040EB-1F3E-463C-A0E2-A3EF3A506073} => pcalua.exe -a "F:\Adobe Photoshop 7.0 Full\_ISDel.exe" -d "F:\Adobe Photoshop 7.0 Full"
Task: {9147B897-1C72-43CD-A646-ECA21D7B9ECA} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {91F50D4D-6686-4EEC-9232-8C7B9A57E368} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-342642988-3338087968-1028205921-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {92A24A71-096E-4202-8B3A-6CF6A011EDE2} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-15] (Sony Corporation)
Task: {96A00230-EC08-46DC-A370-42F0FB9DA491} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {A36B9AAC-58F7-4030-9166-FD711AA3E4EF} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {A52CA188-C752-4945-81B5-61C87C363AD8} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {A554CF14-E976-4A83-9CF0-0CF474812984} - System32\Tasks\{E209D482-667E-4196-B683-F3002789E848} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office12\MSACCESS.EXE" -d "C:\Program Files (x86)\Microsoft Office\Office12"
Task: {A8D86612-2568-4B94-80BE-E2EE95868196} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {AA25B8CB-5F79-4AEE-BF50-79348B6F18C5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {B49B6BAB-D796-4117-AABC-1AF59EC04462} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {B746D89D-B65A-4850-B665-6DA2170CAC14} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {BD99D8D0-1EAB-4D32-B798-25E8A439809F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {BEECF6B9-7E94-417C-9EF7-495340F908DC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BF27CD57-99C8-45F3-9597-02E32FA24673} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BF2DA36B-A7CB-43B1-ACBB-F09643AD2200} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {C7E58D11-31FD-48EE-95B0-C2DCA74ACFDD} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {C7E5A0FB-D7E0-4404-9F3F-7F03812EBDAB} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {CA65E94F-5BF8-4F05-8AAD-17C02097949A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CBDA132F-8D88-4CF3-883D-A5F56B36A6C5} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-11-28] (Sony Corporation)
Task: {D09BCCD4-339C-4613-9E88-C9B7BCC0E349} - System32\Tasks\{90286981-F5AC-4987-8BF5-B9C9F4A32107} => pcalua.exe -a C:\Users\****\Downloads\Programs\osfmount.exe -d C:\Users\****\AppData\Roaming\IDM
Task: {D0A109B4-678A-4BC5-9F4C-1EED75B754A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D2440F15-F4FE-4F9D-8AD3-10C925AE85CA} - System32\Tasks\RegCure Pro_sch_35EC1A2E-E2A9-11E4-BFA3-0019DE1156B4 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {D4301F0C-75F6-4D83-8CD5-54AC332A85F3} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D490A13D-2948-49DD-8BE6-C6AC3B3C2109} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DFF62C94-757C-451C-9899-2C003F93F957} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E3CC2A42-4CF0-44D6-8D98-C22B9CFD7945} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E75021CA-816E-4DBB-857D-71E8BB3FB957} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002Core => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {EF68BF73-0E08-4148-87BE-933EA38179D9} - System32\Tasks\{AD68E786-F0BF-4876-A37F-F4E1F184C310} => pcalua.exe -a C:\Users\****\Downloads\Programs\WinPcap_4_1_3.exe
Task: {F5B161A9-D630-43E0-9575-4E80109511B3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {F6492769-DE8C-4D40-A6DB-81C5D4CF1E22} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-24] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002Core.job => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002UA.job => C:\Users\****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-342642988-3338087968-1028205921-1002UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_35EC1A2E-E2A9-11E4-BFA3-0019DE1156B4.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => E:\Wise Care 365 (USER-PC)\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-19 10:21 - 2013-11-19 10:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-05-12 15:19 - 2014-05-12 15:19 - 00222720 _____ () E:\Notepad++\NppShell_06.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2012-08-03 07:27 - 2012-09-29 21:51 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\screw.bat:ruby.pdf
AlternateDataStreams: C:\ProgramData\Temp:1B4D9DFB
AlternateDataStreams: C:\ProgramData\Temp:F297470E
AlternateDataStreams: C:\Users\****\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\****\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Public\DRM:احتضان
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\Desktop\1907621_1074943689189284_4643144900391251384_n.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AIPS => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: Everything => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: pcapsvc => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMwareHostd => 2
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "ProxyCap"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKLM\...\StartupApproved\Run32: => "ADSK DLMSession"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Everything"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "ProxyCap"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "PC Suite Tray"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "ElcomSoft DPR Server"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-342642988-3338087968-1028205921-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-342642988-3338087968-1028205921-500 - Administrator - Disabled)
**** (S-1-5-21-342642988-3338087968-1028205921-1002 - Administrator - Enabled) => C:\Users\****
Guest (S-1-5-21-342642988-3338087968-1028205921-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-342642988-3338087968-1028205921-1008 - Limited - Enabled)
LANGUARD_11_USER (S-1-5-21-342642988-3338087968-1028205921-1012 - Administrator - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2015 04:05:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffab2764051
Faulting process id: 0x15cc
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
Faulting package full name: VCAgent.exe4
Faulting package-relative application ID: VCAgent.exe5
 
Error: (04/15/2015 04:05:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at VCAgent.App.Main()
 
Error: (04/15/2015 01:01:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/15/2015 10:58:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.1.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15ac
 
Start Time: 01d0773cbf6ecfd9
 
Termination Time: 4
 
Application Path: E:\VLC\vlc.exe
 
Report Id: 1229493d-e330-11e4-bfa6-0019de1156b4
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/15/2015 10:51:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DeviceAssociationService, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5
Exception code: 0xc0000374
Fault offset: 0x00000000000f12a0
Faulting process id: 0x290
Faulting application start time: 0xsvchost.exe_DeviceAssociationService0
Faulting application path: svchost.exe_DeviceAssociationService1
Faulting module path: svchost.exe_DeviceAssociationService2
Report Id: svchost.exe_DeviceAssociationService3
Faulting package full name: svchost.exe_DeviceAssociationService4
Faulting package-relative application ID: svchost.exe_DeviceAssociationService5
 
Error: (04/15/2015 08:25:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff7bd2aab71
Faulting process id: 0x1208
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
Faulting package full name: VCAgent.exe4
Faulting package-relative application ID: VCAgent.exe5
 
Error: (04/15/2015 08:25:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at VCAgent.App.Main()
 
Error: (04/14/2015 07:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DeviceAssociationService, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5
Exception code: 0xc0000374
Fault offset: 0x00000000000f12a0
Faulting process id: 0x278
Faulting application start time: 0xsvchost.exe_DeviceAssociationService0
Faulting application path: svchost.exe_DeviceAssociationService1
Faulting module path: svchost.exe_DeviceAssociationService2
Report Id: svchost.exe_DeviceAssociationService3
Faulting package full name: svchost.exe_DeviceAssociationService4
Faulting package-relative application ID: svchost.exe_DeviceAssociationService5
 
Error: (04/14/2015 05:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nacl64.exe, version: 41.0.2272.101, time stamp: 0x5503e5f4
Faulting module name: nacl64.exe, version: 41.0.2272.101, time stamp: 0x5503e5f4
Exception code: 0x80000003
Fault offset: 0x000000000001ad39
Faulting process id: 0x172c
Faulting application start time: 0xnacl64.exe0
Faulting application path: nacl64.exe1
Faulting module path: nacl64.exe2
Report Id: nacl64.exe3
Faulting package full name: nacl64.exe4
Faulting package-relative application ID: nacl64.exe5
 
Error: (04/14/2015 05:12:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "ONEINDEX15://{S-1-5-21-342642988-3338087968-1028205921-1002}/">.
 
 
System errors:
=============
Error: (04/15/2015 05:08:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (04/15/2015 04:15:50 PM) (Source: DCOM) (EventID: 10016) (User: SPARKLE)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SPARKLE****S-1-5-21-342642988-3338087968-1028205921-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/15/2015 04:14:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/15/2015 04:14:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Internet Pass-Through Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/15/2015 04:14:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (04/15/2015 04:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (04/15/2015 04:14:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/15/2015 04:14:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/15/2015 04:14:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VUAgent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/15/2015 04:14:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/15/2015 04:05:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c000000500007ffab276405115cc01d0773d2f67306fC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown2522847b-e35b-11e4-bfa6-0019de1156b4
 
Error: (04/15/2015 04:05:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at VCAgent.App.Main()
 
Error: (04/15/2015 01:01:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files\CCleaner\CCleaner64.exe
 
Error: (04/15/2015 10:58:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: vlc.exe2.1.5.015ac01d0773cbf6ecfd94E:\VLC\vlc.exe1229493d-e330-11e4-bfa6-0019de1156b4
 
Error: (04/15/2015 10:51:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DeviceAssociationService6.3.9600.1741554504177ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a029001d07727db387884C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll49a12c3e-e32f-11e4-bfa5-0019de1156b4
 
Error: (04/15/2015 08:25:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c000000500007ff7bd2aab71120801d076b8e269c8f7C:\Program Files\Sony\VAIO Care\VCAgent.exeunknowne111608c-e31a-11e4-bfa4-0019de1156b4
 
Error: (04/15/2015 08:25:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at VCAgent.App.Main()
 
Error: (04/14/2015 07:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DeviceAssociationService6.3.9600.1741554504177ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a027801d076a7cacf9161C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dllf89e1309-e2aa-11e4-bfa3-0019de1156b4
 
Error: (04/14/2015 05:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nacl64.exe41.0.2272.1015503e5f4nacl64.exe41.0.2272.1015503e5f480000003000000000001ad39172c01d076ac06db5b83C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\nacl64.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\nacl64.exe449fbee2-e29f-11e4-bfa3-0019de1156b4
 
Error: (04/14/2015 05:12:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07ONEINDEX15://{S-1-5-21-342642988-3338087968-1028205921-1002}/
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-15 13:34:55.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-14 19:01:16.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\PrxerDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-14 19:01:16.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\PrxerDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-14 16:38:28.830
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-14 14:00:22.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-14 12:38:09.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-14 09:31:55.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-13 23:52:38.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 19:38:05.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-13 19:38:05.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 47%
Total physical RAM: 3975.27 MB
Available physical RAM: 2087.97 MB
Total Pagefile: 8071.27 MB
Available Pagefile: 6154.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (local disk c:) (Fixed) (Total:142.86 GB) (Free:70.12 GB) NTFS
Drive e: (local disk D:) (Fixed) (Total:115.28 GB) (Free:65.08 GB) NTFS
Drive f: (local disk E) (Fixed) (Total:150 GB) (Free:45.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3E90C9FB)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by jane27, 15 April 2015 - 07:54 AM.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 PM

Posted 20 April 2015 - 07:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573302 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 25 April 2015 - 07:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



