Inactive Malware/Virus Problem..

Need help with my daughter's PC.. She downloaded some iPhone hacking crap.. and some other network stuff and her PC has been acting up.. We have Sophos Home installed, and I've scanned with Malwarebytes, and a few others and gotten rid of some low hanging Unwanted apps and basic stuff.. Just want to make sure it's all cleaned up.. something else still seems fishy.. Thanks:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Sabrina (administrator) on WORKTOP (20-07-2017 10:35:35)
Running from C:\Users\Sabrina\Downloads
Loaded Profiles: Sabrina (Available Profiles: WORK & Sabrina)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sysinternals - www.sysinternals.com) C:\Users\Sabrina\Desktop\av\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\Sabrina\AppData\Local\Temp\Procmon64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sabrina\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [88216 2017-01-20] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe [88024 2016-11-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM-x32\...\Run: [Smart-PSS] => C:\Program Files (x86)\Amcrest Surveillance Pro\Amcrest Surveillance Pro\SmartPSS.exe*****************************************
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480168 2017-07-17] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28112584 2017-05-16] (Microsoft Corporation)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Run: [UCreate Music Mixer] => C:\Program Files (x86)\Radica\UCreate\Music\UCreate.exe [597616 2009-08-09] (Mattel Inc.)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\MountPoints2: {ebcea46d-686f-11e7-828d-24ec99e15e70} - "explorer.exe" "MyUCreateMusic.html"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-07-06] ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{02021F1B-A660-4096-8BE7-B40779C176ED}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{31E29C0A-D083-48C0-B9BE-C0B9E718C4D4}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{3ACE2D5D-3BA7-43D2-A187-9115B92FB62D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FEE11645-41A8-4741-85A3-DB8F1AFAB051}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3524799261-2934001270-7150906-1003 -> {2A882EE4-1883-4AD2-8F60-1E867C685738} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-08] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-08] (Oracle Corporation)
DPF: HKLM-x32 {25CE630D-3EA0-40D8-A7B4-502FD023AAE7} hxxp://192.168.0.13/img/Decoder.cab
DPF: HKLM-x32 {4B90BBA0-9621-48CB-810B-5A75E9CA6270} hxxp://192.168.0.13/img/MediaAccess.cab
DPF: HKLM-x32 {4E94DD12-E0E0-5C87-9E61-4F4C4B0052BB} hxxp://192.168.1.100:5000/webman/3rdparty/SurveillanceStation/object/SurveillanceHelper.cab?undefined
DPF: HKLM-x32 {D63FBD76-6EAA-43C0-BAFB-474D5FD9AD3F} hxxp://192.168.1.100:5000/webman/3rdparty/SurveillanceStation/object/SurveillancePlugin.cab?undefined
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\GNUCITIZEN\Websecurify Scanner\Profiles\liii1x0t.default [2017-07-15]
FF Extension: (No Name) - C:\Program Files (x86)\Websecurify Scanner\extensions\development@weaponry.gnucitizen.org [not found]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2017-05-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper_x86_64.dll [2017-04-17] (Synology)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.1217\npSurveillancePlugin_x86_64.dll [2017-06-13] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @IPC/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files\webrec\Torch\3.0.0.1\npmedia3.0.0.1.dll [2015-08-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper.dll [2017-04-17] (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.1217\npSurveillancePlugin.dll [2017-06-13] (Synology)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-12-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-01]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-01]
CHR Extension: (Google Slides) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-15]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-15]
CHR Extension: (Google Sheets) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-26]
CHR Extension: (Skype) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-26]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-07-19]
CHR Extension: (Google Slides) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-14]
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-14]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (Google Sheets) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-25]
CHR Extension: (Skype) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-14]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11075816 2015-10-16] (DisplayLink Corp.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4967632 2017-06-05] (SurfRight B.V.)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S2 RTLDHCPService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek)
S4 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [230752 2017-06-02] (Sophos Limited)
S4 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-06-02] (Sophos Limited)
S4 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925824 2017-01-26] (Sophos Limited)
S4 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [760672 2017-07-17] (Sophos Limited)
S4 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2017-07-17] (Sophos Limited)
S4 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1806904 2017-07-17] (Sophos Limited)
S4 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-06-02] (Sophos Limited)
S4 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
S4 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-06-02] (Sophos Limited)
S4 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3596088 2017-06-02] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [134288 2017-02-15] (Wondershare)
S2 FastvueSyslogServer; C:\Program Files\Fastvue\Syslog Server\Service\Fastvue.SyslogServer.Service.exe [X]
S2 RealtekWlanU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 RunSwUSB; C:\Windows\runSW.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [58640 2015-10-17] ()
S3 dlcdcncm; C:\Windows\system32\DRIVERS\dlcdcncm62_x64.sys [91920 2015-10-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [229648 2015-10-16] (DisplayLink Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-20] ()
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [250472 2017-07-17] (SurfRight B.V.)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2017-05-06] (Malwarebytes Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-12] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-12] (Insecure.Com LLC.)
S3 OSFMount; C:\Program Files\OSForensics\OSFMount64\OSFMount.sys [1299384 2014-02-12] (PassMark Software)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [199552 2017-06-02] (Sophos Limited)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2017-06-02] (Sophos Limited)
R2 sntp; C:\Windows\system32\DRIVERS\sntp.sys [123848 2017-01-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [45840 2017-06-02] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2017-06-02] (Sophos Limited)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2015-03-23] (Tarlogic)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-20] ()
R1 TsLwWfF; C:\Windows\system32\DRIVERS\TsLwWfF.sys [39272 2016-08-04] (TamoSoft)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 10:35 - 2017-07-20 10:38 - 00022275 _____ C:\Users\Sabrina\Downloads\FRST.txt
2017-07-20 10:35 - 2017-07-20 10:35 - 02382336 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64 (1).exe
2017-07-20 08:40 - 2017-07-20 09:00 - 00000021 _____ C:\Windows\S.dirmngr
2017-07-20 08:36 - 2017-07-20 08:36 - 00021504 _____ C:\Users\Sabrina\Desktop\mginfo.txt
2017-07-20 08:34 - 2017-07-20 08:34 - 00008397 _____ C:\Users\Sabrina\Desktop\procdll.txt
2017-07-20 07:39 - 2017-07-20 07:39 - 01305367 _____ C:\Users\Sabrina\Downloads\Autoruns.zip
2017-07-20 07:18 - 2017-07-20 07:18 - 05200384 _____ (AVAST Software) C:\Users\Sabrina\Downloads\aswmbr.exe
2017-07-20 06:19 - 2017-07-20 06:19 - 00000000 _____ C:\Users\Sabrina\Downloads\7uc7zlgr.bat
2017-07-20 05:23 - 2017-07-20 05:23 - 02509378 _____ C:\Users\Sabrina\Desktop\StoreLogs_2017-07-20_05-23-34.cab
2017-07-20 03:39 - 2017-07-20 03:39 - 00380928 _____ C:\Users\Sabrina\Downloads\7uc7zlgr.exe
2017-07-20 03:26 - 2017-07-20 03:56 - 00097708 _____ C:\TDSSKiller.3.1.0.15_20.07.2017_03.26.13_log.txt
2017-07-20 03:25 - 2017-07-20 03:25 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Sabrina\Downloads\tdsskiller.exe
2017-07-20 02:03 - 2017-07-20 02:03 - 00349829 _____ C:\Users\Sabrina\Desktop\MGlogsR.zip
2017-07-20 01:41 - 2017-07-20 01:41 - 00000000 _____ C:\Windows\system32\curdate
2017-07-20 01:24 - 2017-07-20 01:24 - 05659794 _____ (Swearware) C:\Users\Sabrina\Downloads\yoyoyo.exe
2017-07-20 01:16 - 2017-07-20 01:16 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-07-20 00:25 - 2017-07-20 00:25 - 00028860 _____ C:\Users\Sabrina\Downloads\Addition.txt
2017-07-20 00:25 - 2017-07-20 00:25 - 00028860 _____ C:\Users\Sabrina\Downloads\Addition (1).txt
2017-07-20 00:23 - 2017-07-20 08:38 - 00000000 ____D C:\MGtools
2017-07-19 23:12 - 2017-07-19 23:12 - 00025222 _____ C:\Windows\system32\.crusader
2017-07-19 23:03 - 2017-07-19 23:03 - 01078590 _____ C:\wfp-filters.xml
2017-07-19 23:01 - 2017-07-19 23:01 - 01078590 _____ C:\Windows\system32\filters.xml
2017-07-19 22:49 - 2017-07-19 23:13 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 22:39 - 2017-07-20 09:02 - 00000000 ____D C:\AdwCleaner
2017-07-19 22:39 - 2017-07-19 22:39 - 01993530 _____ C:\Users\Sabrina\Downloads\MGtools.exe
2017-07-19 22:37 - 2017-07-19 22:38 - 11584088 _____ (SurfRight B.V.) C:\Users\Sabrina\Downloads\HitmanPro_x64.exe
2017-07-19 22:37 - 2017-07-19 22:37 - 08162248 _____ (Malwarebytes) C:\Users\Sabrina\Downloads\AdwCleaner.exe
2017-07-19 22:34 - 2017-07-19 22:34 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-19 21:37 - 2017-07-19 14:45 - 00192590 _____ C:\Windows\ntbtlog.txt
2017-07-19 18:45 - 2017-07-20 08:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-19 18:44 - 2017-07-19 18:44 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-19 18:42 - 2017-07-19 18:43 - 35679504 _____ (Adlice Software ) C:\Users\Sabrina\Downloads\RogueKiller_setup_ref3.exe
2017-07-19 18:01 - 2017-07-20 10:35 - 00000000 ____D C:\FRST
2017-07-19 18:00 - 2017-07-19 18:00 - 02382336 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2017-07-19 17:41 - 2017-07-19 17:42 - 08755368 _____ C:\Users\Sabrina\Downloads\latest.zip
2017-07-19 17:25 - 2015-04-06 08:30 - 00000000 ____D C:\Users\Sabrina\Documents\windows-privesc-check-master
2017-07-19 17:24 - 2017-07-19 17:25 - 07589322 _____ C:\Users\Sabrina\Downloads\windows-privesc-check-master.zip
2017-07-19 17:24 - 2017-07-19 17:24 - 00002140 _____ C:\Users\Public\Desktop\REALTEK USB Wireless LAN Utility.lnk
2017-07-19 17:24 - 2017-07-19 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK USB Wireless LAN Utility
2017-07-19 17:23 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2017-07-19 17:23 - 2007-04-26 14:05 - 00100000 _____ C:\Windows\SysWOW64\EAPPkt9x.VXD
2017-07-19 17:23 - 2001-09-26 11:03 - 00012981 _____ C:\Windows\SysWOW64\REALPKT.VXD
2017-07-19 17:22 - 2017-07-19 17:22 - 00000000 ____D C:\Program Files (x86)\REALTEK
2017-07-19 17:22 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2017-07-19 17:20 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2017-07-19 15:46 - 2017-07-19 21:38 - 00003460 _____ C:\Users\Sabrina\Desktop\wut.txt
2017-07-19 15:16 - 2016-07-06 17:32 - 00000000 ____D C:\Users\Sabrina\Documents\windows(xp,win7,win8.1)
2017-07-19 15:15 - 2017-07-19 15:16 - 42620831 _____ C:\Users\Sabrina\Downloads\rtl8811auwinxp7win81.zip
2017-07-19 14:56 - 2017-07-19 14:56 - 21041152 _____ C:\Users\Sabrina\Documents\crashed.evtx
2017-07-19 14:45 - 2017-07-19 14:45 - 726032001 _____ C:\Windows\MEMORY.DMP
2017-07-19 14:45 - 2017-07-19 14:45 - 00000000 ____D C:\Windows\Minidump
2017-07-19 14:45 - 2017-07-19 14:45 - 00000000 _____ C:\Windows\Minidump\071917-33531-01.dmp
2017-07-19 13:31 - 2017-07-19 13:31 - 21483146 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.5.178908_prod.gpg.img
2017-07-19 13:23 - 2017-07-19 13:23 - 23199744 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.169978_prod (3).img
2017-07-19 13:04 - 2017-07-19 13:04 - 22675484 _____ C:\Users\Sabrina\Downloads\EA8500_webrevert.bin
2017-07-19 02:47 - 2017-07-19 02:47 - 00571759 _____ C:\Users\Sabrina\Downloads\IoT-spreading-wildfire-final.pdf
2017-07-19 02:08 - 2017-07-19 02:10 - 214603475 _____ C:\Users\Sabrina\Downloads\pygi-aio-3.24.1_rev1-setup_049a323fe25432b10f7e9f543b74598d4be74a39.exe
2017-07-19 00:53 - 2017-07-19 00:53 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Bishop_Fox
2017-07-19 00:52 - 2017-07-19 00:52 - 00002627 _____ C:\Users\Public\Desktop\SearchDiggity.lnk
2017-07-19 00:52 - 2017-07-19 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
2017-07-19 00:52 - 2017-07-19 00:52 - 00000000 ____D C:\Program Files (x86)\Bishop Fox
2017-07-19 00:42 - 2017-07-19 00:49 - 11722751 _____ C:\Users\Sabrina\Downloads\SearchDiggity_v3.1.0-MSI.zip
2017-07-19 00:42 - 2017-07-19 00:42 - 00007649 _____ C:\Users\Sabrina\Downloads\Shodan Queries.txt
2017-07-17 10:56 - 2017-07-17 10:56 - 07862485 _____ C:\Users\Sabrina\Downloads\Malware_Detection_with_OSSEC.pptx
2017-07-17 10:14 - 2017-07-17 10:14 - 00000000 _____ C:\Users\Sabrina\4.mhx
2017-07-17 03:38 - 2017-06-02 17:01 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys
2017-07-17 03:38 - 2017-06-02 17:00 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2017-07-17 03:37 - 2017-07-20 09:00 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-07-17 03:37 - 2017-07-17 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-17 03:37 - 2017-07-17 03:37 - 00933624 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2017-07-17 03:37 - 2017-07-17 03:37 - 00857856 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2017-07-17 03:37 - 2017-07-17 03:37 - 00250472 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2017-07-17 03:37 - 2017-07-17 03:37 - 00000000 ____D C:\Program Files\Sophos
2017-07-17 03:37 - 2017-07-17 03:37 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-07-17 03:37 - 2017-01-26 13:23 - 00123848 _____ (Sophos Limited) C:\Windows\system32\Drivers\sntp.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00199552 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2017-07-17 03:36 - 2017-06-02 17:00 - 00045840 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2017-07-17 03:33 - 2017-07-17 03:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-17 03:25 - 2017-07-17 03:25 - 00005124 _____ C:\Users\Sabrina\Desktop\hashy.mhx
2017-07-17 03:21 - 2017-07-17 03:21 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\abelhadigital.com
2017-07-17 03:18 - 2017-07-17 03:18 - 02521188 _____ C:\Users\Sabrina\Downloads\MultiHasher_2.8.2_win_installer.zip
2017-07-17 03:18 - 2017-07-17 03:18 - 02521188 _____ C:\Users\Sabrina\Downloads\MultiHasher_2.8.2_win_installer (1).zip
2017-07-17 03:18 - 2017-07-17 03:18 - 00001183 _____ C:\Users\Public\Desktop\MultiHasher.lnk
2017-07-17 03:18 - 2017-07-17 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiHasher
2017-07-17 03:18 - 2017-07-17 03:18 - 00000000 ____D C:\Program Files (x86)\MultiHasher
2017-07-17 03:06 - 2017-07-17 03:07 - 249140816 _____ (Sophos Limited) C:\Users\Sabrina\Downloads\SophosInstall (1).exe
2017-07-17 02:11 - 2017-07-17 02:12 - 00046080 ___SH C:\Users\Sabrina\AppData\Local\Thumbs.db
2017-07-16 07:19 - 2017-07-16 07:19 - 00167296 _____ (Gibson Research Corp.) C:\Users\Sabrina\Downloads\DNSBench.exe
2017-07-16 05:19 - 2017-07-16 05:19 - 00000389 _____ C:\Users\Sabrina\Desktop\API KEYS.txt
2017-07-16 01:23 - 2017-07-16 01:23 - 00065910 _____ C:\Users\Sabrina\Downloads\datasploit-master.zip
 
2017-07-16 00:33 - 2017-07-16 00:33 - 20750757 _____ C:\Users\Sabrina\Downloads\johnny_2.2_win.zip
2017-07-15 23:40 - 2017-07-15 23:40 - 00000000 ____D C:\Windows\SysWOW64\Npcap
2017-07-15 23:40 - 2017-07-15 23:40 - 00000000 ____D C:\Windows\system32\Npcap
2017-07-15 23:39 - 2017-07-15 23:39 - 00720256 _____ C:\Users\Sabrina\Downloads\npcap-0.92.exe
2017-07-15 13:20 - 2016-09-09 21:52 - 04194304 ____N C:\Users\Sabrina\Documents\dcs932l_v1.14.04.bin
2017-07-15 13:15 - 2017-07-15 13:16 - 10551421 _____ C:\Users\Sabrina\Downloads\DCS-932L_REVA_SETUPWIZARD_1.04.10_WIN.ZIP
2017-07-15 13:11 - 2017-07-15 13:12 - 04179934 _____ C:\Users\Sabrina\Downloads\DCS-932L_REVA_FIRMWARE_1.14.04.ZIP
2017-07-15 07:57 - 2017-07-15 10:25 - 00000000 ____D C:\Users\Sabrina\AppData\LocalLow\uTorrent
2017-07-15 07:35 - 2017-07-15 07:39 - 2142277825 _____ C:\Users\Sabrina\Downloads\Movie.2017.HD-TS x264 (720p).zip
2017-07-15 07:13 - 2017-07-15 07:13 - 00033004 _____ C:\Users\Sabrina\Downloads\Despicable Me 3 (1).torrent
2017-07-15 07:12 - 2017-07-15 07:12 - 00033004 _____ C:\Users\Sabrina\Downloads\Despicable Me 3.torrent
2017-07-15 02:34 - 2017-07-15 02:34 - 00002247 _____ C:\Users\Sabrina\Desktop\IronWASP.exe - Shortcut.lnk
2017-07-15 01:33 - 2017-07-15 01:33 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Mozilla
2017-07-15 01:33 - 2017-07-15 01:33 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\GNUCITIZEN
2017-07-15 01:33 - 2017-07-15 01:33 - 00000000 ____D C:\Users\Sabrina\AppData\Local\GNUCITIZEN
2017-07-15 01:20 - 2017-07-15 01:21 - 00000841 _____ C:\Windows\WVS_InstDBLogFile.csv
2017-07-15 01:20 - 2017-07-15 01:20 - 00000016 _____ C:\Windows\SysWOW64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2017-07-15 01:20 - 2017-07-15 01:20 - 00000000 ____D C:\Program Files (x86)\Acunetix
2017-07-15 01:14 - 2017-07-15 01:14 - 00000978 _____ C:\Users\Sabrina\Desktop\Acrylic Wi-Fi Professional.lnk
2017-07-15 01:14 - 2017-07-15 01:14 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Professional
2017-07-15 01:12 - 2017-07-15 01:12 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Janusec.com
2017-07-15 01:04 - 2017-07-15 01:04 - 08752944 _____ (Tarlogic Research S.L. ) C:\Users\Sabrina\Downloads\Acrylic_WiFi_Professional_v3.2.6355.21915-Setup.exe
2017-07-14 23:02 - 2017-07-14 23:02 - 00019408 _____ C:\Users\Sabrina\Downloads\config (1).bin
2017-07-14 23:00 - 2017-07-14 23:00 - 03953489 _____ C:\Users\Sabrina\Downloads\TL-WR940N(US)_V4_160617_1476690524248q.zip
2017-07-14 23:00 - 2016-06-17 03:16 - 04063744 _____ C:\Users\Sabrina\Downloads\wr940nv4_us_3_16_9_up_boot(160617).bin
2017-07-14 23:00 - 2015-09-13 20:33 - 00112046 _____ C:\Users\Sabrina\Downloads\GPL License Terms.pdf
2017-07-14 23:00 - 2013-12-25 00:26 - 00259952 _____ C:\Users\Sabrina\Downloads\How to upgrade TP-LINK Wireless N Router.pdf
2017-07-14 22:20 - 2017-07-14 22:20 - 00019408 _____ C:\Users\Sabrina\Downloads\config.bin
2017-07-14 15:29 - 2017-07-14 15:29 - 00028328 _____ C:\Users\Sabrina\Downloads\nvrambak (4).bin
2017-07-14 12:55 - 2017-07-14 12:55 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-07-14 12:55 - 2017-07-14 12:55 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2017-07-14 12:55 - 2017-07-14 12:55 - 00000000 ____D C:\usb_driver
2017-07-14 12:51 - 2017-07-14 12:51 - 05153385 _____ C:\Users\Sabrina\Downloads\zadig_v1.1.1.137.7z
2017-07-14 12:41 - 2017-07-14 12:41 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Radica
2017-07-14 12:40 - 2017-07-14 12:40 - 00001263 _____ C:\Users\Public\Desktop\UCreate Music.lnk
2017-07-14 12:40 - 2017-07-14 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radica
2017-07-14 12:40 - 2017-07-14 12:40 - 00000000 ____D C:\Program Files (x86)\Radica
2017-07-14 12:38 - 2017-07-14 12:38 - 00461077 _____ C:\Users\Sabrina\Downloads\u-load.zip
2017-07-14 12:36 - 2017-07-14 12:36 - 03476328 _____ (Mattel Inc.) C:\Users\Sabrina\Downloads\UCreateMusic_Setup_Full.exe
2017-07-14 11:53 - 2017-07-14 11:53 - 24210616 _____ (Audacity Team ) C:\Users\Sabrina\Downloads\audacity-win-2.1.0.exe
2017-07-14 03:29 - 2017-07-14 03:29 - 00000251 _____ C:\Users\Sabrina\Desktop\mel passys.txt
2017-07-14 00:00 - 2017-07-14 00:00 - 00031275 _____ C:\Users\Sabrina\Downloads\remnux-tools-sheet.xlsx
2017-07-13 22:55 - 2017-07-16 01:24 - 00000000 ____D C:\Users\Sabrina\Documents\kali
2017-07-13 17:19 - 2017-07-13 17:23 - 287309824 _____ C:\Users\Sabrina\Downloads\gparted-live-0.28.1-1-i686.iso
2017-07-13 17:08 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-13 17:08 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-13 17:08 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-13 17:08 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-13 17:08 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-13 17:08 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-13 17:08 - 2017-06-29 01:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-13 17:08 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-13 17:08 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-13 17:08 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-13 17:08 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-13 17:08 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-13 17:08 - 2017-06-29 00:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-13 17:08 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-13 17:08 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-13 17:08 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-13 17:08 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-13 17:08 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-13 17:08 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-13 17:08 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-13 17:08 - 2017-06-27 10:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-13 17:08 - 2017-06-27 10:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-13 17:08 - 2017-06-27 10:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-13 17:08 - 2017-06-27 10:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-13 17:08 - 2017-06-22 10:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-13 17:08 - 2017-06-17 12:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-13 17:08 - 2017-06-17 12:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-13 17:08 - 2017-06-17 12:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-13 17:08 - 2017-06-17 12:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-13 17:08 - 2017-06-15 18:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-13 17:08 - 2017-06-15 09:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-13 17:08 - 2017-06-15 09:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-13 17:08 - 2017-06-15 09:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-13 17:08 - 2017-06-15 09:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-13 17:08 - 2017-06-15 09:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-13 17:08 - 2017-06-15 09:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-13 17:08 - 2017-06-11 20:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-13 17:08 - 2017-06-11 18:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-13 17:08 - 2017-06-11 17:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-13 17:08 - 2017-06-11 17:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-13 17:08 - 2017-06-11 17:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-13 17:08 - 2017-06-11 17:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-13 17:08 - 2017-06-11 17:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-13 17:08 - 2017-06-11 17:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-13 17:08 - 2017-06-11 16:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-13 17:08 - 2017-06-11 16:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-13 17:08 - 2017-06-11 16:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-13 17:08 - 2017-06-11 16:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-13 17:08 - 2017-06-11 11:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-13 17:08 - 2017-06-06 16:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-13 17:08 - 2017-06-06 16:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-13 17:08 - 2017-06-06 16:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-13 17:08 - 2017-06-06 16:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-13 17:08 - 2017-06-06 16:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-13 17:08 - 2017-06-06 16:35 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-13 17:08 - 2017-06-06 15:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-13 17:08 - 2017-06-06 15:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-13 17:08 - 2017-06-06 15:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-13 17:08 - 2017-06-06 15:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-13 17:08 - 2017-06-06 15:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-13 17:08 - 2017-06-06 15:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-13 17:08 - 2017-06-06 15:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-13 17:08 - 2017-06-06 14:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-13 17:08 - 2017-06-06 14:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-13 17:08 - 2017-06-06 14:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-13 17:08 - 2017-06-06 14:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-13 17:08 - 2017-06-06 14:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-13 17:08 - 2017-06-06 14:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-13 17:08 - 2017-06-06 14:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-13 17:08 - 2017-06-06 14:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-13 17:08 - 2017-06-03 12:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-13 17:08 - 2017-06-03 12:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-13 17:08 - 2017-05-31 17:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-13 17:08 - 2017-05-15 18:09 - 00057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-13 17:08 - 2017-05-15 16:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-13 17:08 - 2017-05-09 10:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-13 17:08 - 2017-05-09 10:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-13 17:08 - 2017-05-09 10:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-13 17:08 - 2017-05-09 10:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-13 17:08 - 2017-05-09 10:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-13 17:08 - 2017-05-09 10:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-13 17:08 - 2017-05-09 10:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-13 17:08 - 2017-05-06 12:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-13 17:08 - 2017-05-06 12:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-13 17:08 - 2017-05-02 16:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-13 17:08 - 2017-05-02 16:08 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-13 17:08 - 2017-05-02 16:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-13 17:08 - 2017-05-02 14:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-13 17:08 - 2017-05-02 14:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-13 17:08 - 2017-05-02 14:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-13 17:08 - 2017-05-02 13:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-13 17:08 - 2017-04-30 12:48 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-07-13 17:08 - 2017-04-27 21:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-13 17:08 - 2017-04-27 21:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-13 13:46 - 2017-05-03 19:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-13 13:46 - 2017-05-03 09:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-13 13:46 - 2017-05-03 09:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-10 17:23 - 2017-07-14 00:49 - 00000008 _____ C:\Users\Sabrina\Documents\dream pin.txt
2017-07-09 04:05 - 2017-07-09 04:05 - 00028049 _____ C:\Users\Sabrina\Downloads\nvrambak (3).bin
2017-07-09 00:51 - 2017-07-09 00:51 - 13283705 _____ C:\Users\Sabrina\Downloads\General_IPC-HX3(2)XXX_Eng_N_V2.212.0000.2.R.20170314.bin
2017-07-09 00:39 - 2017-07-09 00:39 - 00002509 _____ C:\Users\Public\Desktop\ONVIF Device Manager.lnk
2017-07-09 00:39 - 2017-07-09 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONVIF Device Manager
2017-07-09 00:39 - 2017-07-09 00:39 - 00000000 ____D C:\Program Files (x86)\Synesis
2017-07-09 00:31 - 2017-07-09 00:31 - 00009981 _____ C:\Users\Sabrina\Downloads\Snort-P0f-plugin.tgz
2017-07-09 00:30 - 2017-07-09 00:30 - 21950464 _____ C:\Users\Sabrina\Downloads\odm-v2.2.250.msi
2017-07-08 23:51 - 2013-09-21 06:49 - 00027648 _____ C:\Users\Sabrina\Documents\diel.exe
2017-07-08 23:51 - 2013-04-15 11:27 - 00027648 _____ C:\Users\Sabrina\Documents\die.exe
2017-07-08 23:48 - 2017-07-08 23:49 - 10143358 _____ C:\Users\Sabrina\Downloads\DIE_1.01_win.zip
2017-07-08 23:30 - 2017-07-08 23:30 - 00000000 ____H C:\Users\Sabrina\Documents\Default.rdp
2017-07-08 22:22 - 2017-07-08 22:22 - 00000073 _____ C:\Users\Sabrina\Documents\electum-seed.txt
2017-07-08 20:44 - 2017-07-08 23:34 - 00000000 ____D C:\Users\Sabrina\Desktop\dn
2017-07-08 04:00 - 2017-07-08 04:00 - 00028110 _____ C:\Users\Sabrina\Downloads\nvrambak (2).bin
2017-07-08 03:52 - 2017-07-08 03:52 - 24875036 _____ C:\Users\Sabrina\Downloads\ddwrt-Linksys-EA8500 (1).bin
2017-07-08 03:51 - 2017-07-08 03:51 - 37777408 _____ C:\Users\Sabrina\Downloads\dd-wrt-webupgrade (1).bin
2017-07-08 01:36 - 2017-07-08 01:36 - 08052415 _____ C:\Users\Sabrina\Downloads\BAckyard-20170620-1497957090-1497957126.mp4
2017-07-08 01:29 - 2017-07-08 01:29 - 06201800 _____ C:\Users\Sabrina\Downloads\BAckyard-20170619-1497929591-1497929651.mp4
2017-07-08 01:18 - 2017-07-08 01:20 - 09077423 _____ C:\Users\Sabrina\Downloads\BAckyard-20170619-1497910239-1497910291.mp4
2017-07-07 23:40 - 2017-07-07 23:40 - 02591872 _____ C:\Users\Sabrina\Downloads\Amcrest IP2M-842 WiFi Bullet User Manual v1.0.2 (1).pdf
2017-07-07 23:38 - 2017-07-07 23:39 - 04679199 _____ C:\Users\Sabrina\Downloads\AmcrestPTCameraUserManualv2.0.5 (1).pdf
2017-07-07 23:36 - 2017-07-07 23:36 - 04679199 _____ C:\Users\Sabrina\Downloads\AmcrestPTCameraUserManualv2.0.5.pdf
2017-07-07 20:58 - 2017-07-07 20:58 - 00001158 _____ C:\Users\Public\Desktop\Amcrest IP Config.lnk
2017-07-07 20:58 - 2017-07-07 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amcrest IP Config
2017-07-07 20:58 - 2017-07-07 20:58 - 00000000 ____D C:\Program Files (x86)\Amcrest IP Config
2017-07-07 20:57 - 2017-07-07 20:57 - 17358728 _____ C:\Users\Sabrina\Downloads\Amcrest_IPConfig_Eng_V3.20.10.R.160922.exe
2017-07-07 18:15 - 2016-11-22 18:53 - 00000234 _____ C:\Users\Sabrina\Downloads\md5sum.txt
2017-07-07 18:15 - 2016-11-22 00:12 - 1294991360 _____ C:\Users\Sabrina\Downloads\Remix_OS_for_PC_Android_M_64bit_B2016112101.iso
2017-07-07 18:15 - 2016-08-08 17:22 - 05715968 _____ (Jide Technology Co., Ltd) C:\Users\Sabrina\Downloads\Remix_OS_for_PC_Installation_Tool-B2016080802.exe
2017-07-07 18:15 - 2016-08-08 17:21 - 00003031 _____ C:\Users\Sabrina\Downloads\How_to_launch_Remix_OS_for_PC.txt
2017-07-07 17:27 - 2017-07-07 17:43 - 1097779088 ____R C:\Users\Sabrina\Downloads\release_Remix_OS_for_PC_Android_M_64bit_B2016112101.zip
2017-07-07 17:27 - 2017-07-07 17:27 - 00084140 _____ C:\Users\Sabrina\Downloads\Remix_OS_for_PC_Android_M_64bit_B2016112101.torrent
2017-07-07 16:43 - 2017-07-07 16:44 - 04866048 _____ (Geza Kovacs) C:\Users\Sabrina\Downloads\remixos-usb-tool.exe
2017-07-06 23:06 - 2017-07-06 23:06 - 03006464 _____ C:\Users\Sabrina\Documents\ActiveBootDiskDOS.ISO
2017-07-06 22:56 - 2017-07-06 22:57 - 44235710 _____ C:\Users\Sabrina\Downloads\win7_v9-2-0-419 (1).rar
2017-07-06 22:56 - 2017-07-06 22:56 - 00364850 _____ C:\Users\Sabrina\Downloads\WinFlash_2_31_1.zip
2017-07-06 22:54 - 2017-07-06 22:54 - 04236706 _____ C:\Users\Sabrina\Downloads\Control_Deck.zip
2017-07-06 22:51 - 2017-07-06 22:52 - 44235710 _____ C:\Users\Sabrina\Downloads\win7_v9-2-0-419.rar
2017-07-06 22:51 - 2017-07-06 22:52 - 00897983 _____ C:\Users\Sabrina\Downloads\EP121AS_603.zip
2017-07-06 22:16 - 2017-07-06 22:16 - 00000059 _____ C:\Users\Sabrina\Desktop\sandisk info.txt
2017-07-06 20:37 - 2017-07-06 20:37 - 315910144 _____ C:\Users\Sabrina\Desktop\ActiveBootDisk.ISO
2017-07-06 20:28 - 2017-07-06 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Data Studio
2017-07-06 20:27 - 2017-07-06 20:27 - 00000000 ____D C:\Program Files\LSoft Technologies
2017-07-06 20:24 - 2017-07-06 22:43 - 00000000 ____D C:\Users\Sabrina\Documents\Active.Data.Studio.10.5.0
2017-07-06 19:21 - 2017-07-06 19:25 - 00000000 ____D C:\Users\Sabrina\Documents\bootit
2017-07-06 19:17 - 2017-07-06 19:19 - 07940638 _____ C:\Users\Sabrina\Documents\WORKTOP.arn
2017-07-06 17:37 - 2017-07-20 09:17 - 00000000 ____D C:\Users\Sabrina\Desktop\av
2017-07-06 15:55 - 2017-07-06 15:55 - 05272204 _____ C:\Users\Sabrina\Downloads\bootitbm_en_trial.zip
2017-07-05 20:01 - 2017-07-05 20:05 - 188987936 _____ C:\Users\Sabrina\Downloads\BT_V8_0_0_206.zip
2017-07-05 20:01 - 2017-07-05 20:03 - 38705692 _____ C:\Users\Sabrina\Downloads\RNWF10_0_0Win8_77_INSTALL10_0_0_110.zip
2017-07-05 20:01 - 2017-07-05 20:03 - 107437436 _____ C:\Users\Sabrina\Downloads\6_0_1_6704_PG355_logo_Win8_7_Vista32_64_ASIO.zip
2017-07-05 20:01 - 2017-07-05 20:01 - 05507075 _____ C:\Users\Sabrina\Downloads\EeeSlateUtil_atk0200_1_0_0_5.zip
2017-07-05 20:01 - 2017-07-05 20:01 - 05061555 _____ C:\Users\Sabrina\Downloads\EeeSlateUtil_atk0201_1_0_0_2.zip
2017-07-05 19:58 - 2017-07-05 19:58 - 00889550 _____ C:\Users\Sabrina\Downloads\EP121AS_704.rar
2017-07-04 19:47 - 2017-07-04 19:47 - 00002226 _____ C:\Users\Sabrina\AppData\Local\recently-used.xbel
2017-07-04 18:10 - 2017-07-04 19:37 - 08955736 _____ C:\Users\Sabrina\Documents\network_time
2017-07-04 10:10 - 2017-02-19 12:04 - 00000054 _____ C:\serial.txt
2017-07-04 10:09 - 2017-02-19 12:04 - 214339584 ____R C:\passware-kit-forensic-64bit.msi
2017-07-04 06:39 - 2017-07-08 09:50 - 00000000 ____D C:\Users\Sabrina\Documents\BULK EXTRACTOR
2017-07-04 06:30 - 2017-07-04 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Extractor 1.5.1
2017-07-04 06:30 - 2017-07-04 06:30 - 00000000 ____D C:\Program Files (x86)\Bulk Extractor 1.5.1
2017-07-04 06:29 - 2017-07-04 06:29 - 20624977 _____ C:\Users\Sabrina\Downloads\bulk_extractor-windowsinstaller.exe
2017-07-04 04:27 - 2013-09-11 10:37 - 00000156 _____ C:\Users\Sabrina\Documents\aff.conf
2017-07-04 03:58 - 2010-10-07 21:37 - 00546205 _____ C:\Windows\system32\sqlite3.dll
2017-07-04 03:58 - 2010-10-07 21:37 - 00546205 _____ C:\Users\Sabrina\Desktop\sqlite3.dll
2017-07-04 03:13 - 2017-07-04 03:14 - 03746594 _____ C:\Users\Sabrina\Downloads\RegRipper2.8-master.zip
2017-07-04 01:31 - 2017-07-04 01:31 - 00117208 _____ C:\Users\Sabrina\Documents\PasswareKitLogs.zip
2017-07-04 01:01 - 2017-07-04 01:01 - 00001268 _____ C:\Users\Sabrina\Desktop\TreeSize Free.lnk
2017-07-04 01:01 - 2017-07-04 01:01 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\JAM Software
2017-07-04 01:01 - 2017-07-04 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2017-07-04 01:01 - 2017-07-04 01:01 - 00000000 ____D C:\Program Files (x86)\JAM Software
2017-07-04 00:30 - 2017-07-20 06:26 - 00000000 ____D C:\Users\Sabrina\AppData\Local\CrashDumps
2017-07-03 22:40 - 2017-07-03 23:05 - 2552998568 _____ C:\Users\Sabrina\Downloads\rds_257_modernm.zip
2017-07-03 21:45 - 2017-07-03 21:45 - 00000000 ____D C:\Users\Sabrina\Documents\Wrensoft
2017-07-03 21:35 - 2017-07-06 13:49 - 00000000 ____D C:\Program Files\OSForensics
2017-07-03 21:35 - 2017-07-04 21:55 - 00000939 _____ C:\Users\Sabrina\Desktop\OSForensics.lnk
2017-07-03 21:35 - 2017-07-04 03:54 - 00000000 ____D C:\Users\Sabrina\Documents\PassMark
2017-07-03 21:35 - 2017-07-03 21:35 - 00000000 ____D C:\ProgramData\PassMark
2017-07-03 21:35 - 2017-07-03 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSForensics
2017-07-03 20:46 - 2017-07-03 20:48 - 53433133 _____ C:\Users\Sabrina\Downloads\OSForensics.3.2.1001 (1).rar
2017-07-03 20:42 - 2017-07-03 20:44 - 16973536 _____ C:\Users\Sabrina\Downloads\OSForensics.3.2.1001.rar
2017-07-03 20:11 - 2017-07-03 20:33 - 1214161066 _____ C:\Users\Sabrina\Downloads\BlackLight_Win_Setup_2016r3_1.zip
2017-07-03 19:45 - 2017-07-03 19:45 - 01218791 _____ C:\Users\Sabrina\Downloads\NTFS Log Tracker v1.41.zip
2017-07-03 19:39 - 2017-07-03 19:41 - 42314377 _____ C:\Users\Sabrina\Downloads\bulk_extractor64.exe
2017-07-03 18:34 - 2017-02-19 12:04 - 57839616 ____R C:\passware-kit-agent-64bit.msi
2017-07-03 18:19 - 2017-07-03 18:30 - 106037859 _____ C:\Users\Sabrina\Downloads\PKF2017v11Agents.7z
2017-07-03 17:54 - 2017-07-03 17:54 - 00001195 _____ C:\Users\Public\Desktop\Passware Kit Forensic 2017 v1 (64-bit).lnk
2017-07-03 17:53 - 2017-07-03 17:53 - 00000000 ____D C:\Program Files\Passware
2017-07-03 17:51 - 2017-02-19 12:04 - 214339584 ____R C:\Users\Sabrina\Desktop\passware-kit-forensic-64bit.msi
2017-07-03 17:08 - 2017-07-03 17:36 - 412290583 _____ C:\Users\Sabrina\Downloads\PKF2017v11 (1).7z
2017-07-03 16:22 - 2017-07-03 16:22 - 00005148 _____ C:\Users\Sabrina\Desktop\PasswareKit_Results-070317.html
2017-07-03 16:17 - 2017-07-03 16:23 - 916687958 _____ C:\Users\Sabrina\Downloads\PKF 2017 - izofile.com.rar
2017-07-03 15:57 - 2017-07-03 15:58 - 157267329 _____ C:\Users\Sabrina\Downloads\CodenameH****-S0076.zip
2017-07-03 15:48 - 2017-07-03 15:48 - 66383872 _____ C:\Users\Sabrina\Downloads\passware-kit-agent-32bit.msi
2017-07-03 15:03 - 2017-07-03 15:05 - 182830080 _____ C:\Users\Sabrina\Downloads\FrequentPasswords.dic
2017-07-03 15:01 - 2017-07-03 15:02 - 68599808 _____ C:\Users\Sabrina\Downloads\passware-kit-agent-64bit.msi
2017-07-03 14:45 - 2017-07-03 14:29 - 00000000 ____D C:\Assets1_1
2017-07-03 14:45 - 2011-03-24 02:14 - 05645496 _____ C:\Users\Sabrina\Desktop\Assets1_1.zip
2017-07-02 20:19 - 2017-07-02 21:02 - 2949644288 _____ C:\Users\Sabrina\Downloads\caine8.0.iso
2017-07-02 20:18 - 2017-07-02 20:18 - 00056870 _____ C:\Users\Sabrina\Downloads\caine8.0.iso.torrent
2017-07-02 00:17 - 2017-07-02 00:17 - 00027118 _____ C:\Users\Sabrina\Downloads\nvrambak (1).bin
2017-07-01 18:56 - 2017-07-01 18:57 - 00001480 _____ C:\Users\Sabrina\Downloads\vap2500_root.rb
2017-07-01 10:26 - 2017-07-01 10:26 - 00000045 _____ C:\Users\Sabrina\Desktop\pass-routs.txt
2017-07-01 10:12 - 2017-07-01 10:12 - 00026947 _____ C:\Users\Sabrina\Downloads\nvrambak.bin
2017-07-01 03:49 - 2017-07-01 03:51 - 24858652 _____ C:\Users\Sabrina\Downloads\ddwrt-Linksys-EA8500-31240.bin
2017-06-30 21:33 - 2017-06-30 21:40 - 00000000 ____D C:\Users\Sabrina\Desktop\look
2017-06-30 21:33 - 2017-06-30 21:33 - 01005016 _____ C:\Users\Sabrina\Downloads\ProcessMonitor.zip
2017-06-30 21:26 - 2017-06-30 21:26 - 00291606 _____ C:\Users\Sabrina\Downloads\TCPView.zip
2017-06-30 21:26 - 2006-07-28 09:32 - 00007005 _____ C:\Users\Sabrina\Documents\Eula.txt
2017-06-28 17:37 - 2017-06-28 17:50 - 25696208 _____ C:\Users\Sabrina\Downloads\dd-wrt-webupgrade.bin
2017-06-28 17:37 - 2017-06-28 17:50 - 24940572 _____ C:\Users\Sabrina\Downloads\ddwrt-Linksys-EA8500.bin
2017-06-28 13:40 - 2017-06-28 13:40 - 00089213 _____ C:\Users\Sabrina\Downloads\Profilic_Win8_x64_x86.zip
2017-06-28 13:38 - 2017-06-28 13:38 - 00000000 ____D C:\Users\Sabrina\Desktop\PuTTy-TFTP
2017-06-28 13:36 - 2017-06-28 13:38 - 23893927 _____ C:\Users\Sabrina\Downloads\PuTTy-TFTP.zip
2017-06-28 13:36 - 2017-06-28 13:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ser2pl64_01009.Wdf
2017-06-27 17:45 - 2017-06-27 17:45 - 00036864 _____ () C:\Users\Sabrina\Downloads\Tftp.exe
2017-06-27 17:24 - 2017-06-27 17:25 - 37255782 _____ C:\Users\Sabrina\Downloads\full.zip
2017-06-27 15:06 - 2017-06-27 15:07 - 07471816 _____ (JAM Software ) C:\Users\Sabrina\Downloads\TreeSizeFreeSetup.exe
2017-06-27 05:29 - 2017-06-27 05:37 - 19843170 _____ C:\Users\Sabrina\Downloads\chrome-net-export-log.json
2017-06-27 01:13 - 2017-07-02 21:36 - 00000000 ____D C:\Users\Sabrina\Documents\Virtual Machines
2017-06-27 01:09 - 2017-07-16 03:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\VMware
2017-06-27 01:09 - 2017-07-16 01:20 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\VMware
2017-06-27 01:05 - 2017-06-19 20:04 - 01149416 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-06-27 01:05 - 2017-06-19 20:03 - 00400872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-06-27 01:05 - 2017-06-19 20:03 - 00366568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-06-27 01:05 - 2017-06-19 19:58 - 00088504 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-06-27 01:05 - 2017-06-19 19:46 - 00066520 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2017-06-27 01:05 - 2017-06-19 19:46 - 00046032 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2017-06-27 01:05 - 2017-06-19 19:46 - 00043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-06-27 01:05 - 2017-02-20 08:02 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2017-06-27 01:05 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2017-06-27 01:05 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-06-27 01:05 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-06-27 01:04 - 2017-07-20 09:00 - 00000000 ____D C:\ProgramData\VMware
2017-06-27 01:04 - 2017-06-27 01:04 - 00883938 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-27 01:04 - 2017-06-27 01:04 - 00001239 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk
2017-06-27 01:04 - 2017-06-27 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-06-27 01:04 - 2017-06-27 01:04 - 00000000 ____D C:\Program Files\Common Files\VMware
2017-06-27 01:04 - 2017-06-27 01:04 - 00000000 ____D C:\Program Files (x86)\VMware
2017-06-27 00:58 - 2017-06-27 01:03 - 82084808 _____ (VMware, Inc.) C:\Users\Sabrina\Downloads\VMware-player-12.5.7-5813279.exe
2017-06-26 21:36 - 2017-06-26 21:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2017-06-26 21:36 - 2017-06-26 21:36 - 00000000 ____D C:\Program Files (x86)\Belkin
2017-06-26 21:34 - 2017-06-26 21:34 - 00000000 ____D C:\Windows\{FF6654AC-6C49-4BA9-B6CC-868D13DE0321}
2017-06-26 21:33 - 2017-06-26 21:34 - 45792328 _____ C:\Users\Sabrina\Downloads\F9L1101v1_N600.exe
2017-06-26 20:23 - 2017-06-26 20:38 - 2162908504 _____ C:\Users\Sabrina\Downloads\Kali-Linux-2017.1-hyperv-amd64.7z
2017-06-26 19:45 - 2017-06-26 19:45 - 00001239 _____ C:\Users\Sabrina\Desktop\Dumpper.exe - Shortcut.lnk
2017-06-26 13:43 - 2017-06-26 13:43 - 00000981 _____ C:\Users\Sabrina\Desktop\WShark.exe - Shortcut.lnk
2017-06-26 04:02 - 2017-06-26 19:14 - 00000073 _____ C:\Users\Sabrina\Desktop\neighb.txt
2017-06-26 03:11 - 2017-06-26 03:12 - 07913472 _____ C:\Users\Sabrina\Downloads\tomato-K26USB-1.28.20150213MIPSR2Gus-F9K1102-64K (1).trx
2017-06-26 02:28 - 2017-06-26 02:28 - 00139104 _____ C:\Users\Sabrina\Downloads\tomato-K26USB-1.28.20150213MIPSR2Gus-F9K1102-64K.trx
2017-06-26 00:38 - 2017-06-26 00:39 - 24486143 _____ C:\Users\Sabrina\Downloads\EA8500-factory-to-ddwrt.img
2017-06-25 18:06 - 2017-06-25 18:06 - 00009057 _____ C:\Users\Sabrina\Downloads\backup (1).cfg
2017-06-25 17:38 - 2017-06-25 17:47 - 10917166 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.168206_prod.img
2017-06-25 17:35 - 2017-06-25 17:42 - 06245070 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.169978_prod (2).img
2017-06-25 16:40 - 2017-06-25 16:40 - 23199744 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.169978_prod (1).img
2017-06-25 16:06 - 2017-06-25 16:06 - 04720805 _____ C:\Users\Sabrina\Downloads\lede-17.01.2-ipq806x-EA8500-squashfs-sysupgrade.tar
2017-06-25 16:06 - 2017-06-25 16:06 - 04720805 _____ C:\Users\Sabrina\Downloads\lede-17.01.2-ipq806x-EA8500-squashfs-sysupgrade (1).tar
2017-06-25 15:40 - 2017-06-25 15:40 - 23199744 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.169978_prod.img
2017-06-25 15:30 - 2017-06-25 15:31 - 06553600 _____ C:\Users\Sabrina\Downloads\lede-ipq806x-EA8500-squashfs-factory.bin
2017-06-25 09:39 - 2017-06-25 09:39 - 03882384 _____ (Fastvue Inc. ) C:\Users\Sabrina\Downloads\FastvueSyslogServer1.0_stable (1).exe
2017-06-25 08:58 - 2017-06-25 08:58 - 07077888 _____ C:\Users\Sabrina\Downloads\lede-17.01.2-ipq806x-EA8500-squashfs-factory.bin
2017-06-25 06:06 - 2017-06-25 06:06 - 00117805 _____ C:\Users\Sabrina\Downloads\cports-x64.zip
2017-06-25 06:01 - 2017-06-25 06:01 - 00009316 _____ C:\Users\Sabrina\Downloads\ddnsupdater (1).php
2017-06-25 05:37 - 2017-06-25 05:37 - 00012909 _____ C:\Users\Sabrina\Downloads\All_2017-6-25-5-38-19.html
2017-06-25 04:48 - 2017-06-25 04:48 - 00057741 _____ C:\Users\Sabrina\Desktop\home2.txt
2017-06-25 04:06 - 2017-06-25 04:06 - 00007831 _____ C:\Users\Sabrina\Desktop\home.txt
2017-06-24 04:38 - 2017-06-24 04:38 - 00000000 ____D C:\Users\Sabrina\Desktop\ulns
2017-06-24 02:24 - 2017-06-24 02:24 - 00001329 _____ C:\Users\Sabrina\Desktop\beach.csv
2017-06-24 01:31 - 2017-06-24 01:42 - 00000000 ____D C:\Program Files (x86)\CommViewWiFi
2017-06-24 01:31 - 2017-06-24 01:31 - 00001122 _____ C:\Users\Public\Desktop\CommView for WiFi.lnk
2017-06-24 01:31 - 2017-06-24 01:31 - 00000000 ____D C:\Users\Sabrina\Documents\CommView for WiFi
2017-06-24 01:31 - 2017-06-24 01:31 - 00000000 ____D C:\ProgramData\TamoSoft
2017-06-24 01:31 - 2017-06-24 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi
2017-06-24 01:03 - 2017-06-24 01:04 - 01227012 _____ C:\Users\Sabrina\Documents\Dumpper v.90.6.rar
2017-06-24 01:03 - 2017-06-24 01:03 - 00000000 _____ C:\Users\WORK\Desktop\JumpStart.rar
2017-06-24 00:35 - 2017-06-26 15:02 - 00000000 ____D C:\windump
2017-06-23 21:50 - 2017-06-23 21:50 - 00002370 _____ C:\Users\Public\Desktop\MaltegoCE v4.0.11.lnk
2017-06-23 21:50 - 2017-06-23 21:50 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\.maltego
2017-06-23 21:50 - 2017-06-23 21:50 - 00000000 ____D C:\ProgramData\Paterva
2017-06-23 21:45 - 2017-06-23 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paterva
2017-06-23 21:44 - 2017-06-23 21:49 - 00000000 ____D C:\Program Files (x86)\Paterva
2017-06-23 21:26 - 2017-06-23 21:26 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Sabrina\Downloads\WinPcap_4_1_3.exe
2017-06-23 21:23 - 2017-06-23 21:27 - 81666866 _____ (Paterva) C:\Users\Sabrina\Downloads\MaltegoCESetup.v4.0.11.9358.exe
2017-06-23 21:21 - 2017-06-23 21:21 - 00709364 _____ C:\Users\Sabrina\Downloads\kismet-2016-07-R1.tar (1).xz
2017-06-23 21:20 - 2017-06-23 21:20 - 00569344 _____ C:\Users\Sabrina\Downloads\WinDump.exe
2017-06-23 21:00 - 2017-06-23 21:00 - 00413488 _____ C:\Users\Sabrina\Downloads\windows-installation-guide.pdf
2017-06-23 20:27 - 2017-06-23 20:27 - 00001013 _____ C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-06-23 20:27 - 2017-06-23 20:27 - 00001005 _____ C:\Users\Sabrina\Desktop\join.me.lnk
2017-06-23 19:49 - 2017-06-23 20:27 - 00000000 ____D C:\Users\Sabrina\AppData\Local\join.me
2017-06-22 05:50 - 2017-06-22 05:50 - 00251904 _____ C:\Users\Sabrina\Downloads\SynoMon-1.4.8-029-noarch.spk
2017-06-22 05:38 - 2017-06-22 05:41 - 83950736 _____ (Synology Inc.) C:\Users\Sabrina\Downloads\Synology Surveillance Station Client-1.0.3-0214_x64.exe
2017-06-22 05:36 - 2017-06-22 05:36 - 00008533 _____ C:\Users\Sabrina\Downloads\CvwMeszQ.txt
2017-06-22 04:03 - 2017-06-22 04:03 - 00013491 _____ C:\Users\Sabrina\Documents\Router Logs.html
2017-06-22 03:24 - 2017-06-22 03:24 - 00213370 _____ C:\Users\Sabrina\Downloads\AA05.tmp
2017-06-21 01:16 - 2017-06-22 03:24 - 00000000 ____D C:\Users\Sabrina\Documents\Hosts (darkstat eth0)_files
2017-06-21 01:16 - 2017-06-21 01:16 - 00272294 _____ C:\Users\Sabrina\Documents\Hosts (darkstat eth0).html
2017-06-20 23:47 - 2017-04-21 17:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-06-20 23:47 - 2017-04-21 17:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-06-20 23:46 - 2017-04-21 17:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-06-20 23:46 - 2017-04-21 17:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-06-20 23:46 - 2017-04-11 14:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-06-20 23:46 - 2017-03-15 14:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-06-20 23:45 - 2017-04-11 14:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-06-20 23:45 - 2017-03-15 14:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-06-20 22:10 - 2017-06-20 22:10 - 00001594 _____ C:\Users\Sabrina\Desktop\Acrylic.exe - Shortcut.lnk
2017-06-20 22:06 - 2016-04-01 21:03 - 00470528 _____ (Tarlogic Security S.L.) C:\Users\Sabrina\Desktop\Tarlogic.Common.dll
2017-06-20 22:06 - 2016-04-01 20:40 - 00778752 _____ (Tarlogic Security S.L.) C:\Users\Sabrina\Desktop\Tarlogic.Gui.dll
2017-06-20 22:05 - 2015-03-23 11:00 - 00031392 _____ (Tarlogic) C:\Windows\system32\Drivers\TRLNDISMON.sys
2017-06-20 22:01 - 2017-06-20 23:11 - 00000000 ____D C:\Users\Sabrina\Documents\acryllz
2017-06-20 21:58 - 2017-06-20 21:58 - 00000025 _____ C:\Users\Sabrina\Downloads\www.p30download.com.txt
2017-06-20 21:56 - 2017-06-20 22:02 - 09283050 _____ C:\Users\Sabrina\Downloads\Acrylic.WiFi.Professional.v3.0.5770.30583_p30download.com.rar
2017-06-20 21:52 - 2017-06-20 21:52 - 00539685 _____ C:\Users\Sabrina\Downloads\Acrylic.WiFi.Professional.v3.0.5770.30583.Crack.zip
2017-06-20 19:17 - 2017-06-20 19:17 - 06422101 _____ C:\Users\Sabrina\Downloads\Acrylic_WiFi_Free_v1.1.5248.17312-Setup (1).exe
2017-06-20 18:57 - 2017-06-20 19:27 - 00001071 _____ C:\Users\Sabrina\Desktop\Acrylic Wi-Fi Free.lnk
2017-06-20 18:57 - 2017-06-20 18:57 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Free
2017-06-20 18:49 - 2017-06-20 18:51 - 06071728 _____ (Tarlogic Security S.L. ) C:\Users\Sabrina\Downloads\acrylic_wifi_free_v2.3.5652.32360-setup.exe
2017-06-20 18:32 - 2017-06-20 18:32 - 06422101 _____ C:\Users\Sabrina\Downloads\Acrylic_WiFi_Free_v1.1.5248.17312-Setup.exe
2017-06-20 17:50 - 2017-06-20 18:57 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Acrylic Wi-Fi Free
2017-06-20 17:48 - 2017-06-20 17:48 - 06512360 _____ (Tarlogic Security S.L. ) C:\Users\Sabrina\Downloads\acrylic-wifi-free-1-1-5248-es-en-win.exe
2017-06-20 17:46 - 2017-06-20 17:46 - 06837560 _____ (Microsoft Corporation) C:\Users\Sabrina\Downloads\NM34_x64.exe
2017-06-20 17:29 - 2017-06-20 17:40 - 80650541 _____ C:\Users\Sabrina\Downloads\ca7.zip
2017-06-20 17:25 - 2017-06-21 00:39 - 00000000 ____D C:\aircrack
2017-06-20 17:24 - 2017-06-20 17:24 - 00174778 _____ C:\Users\Sabrina\Downloads\Peek_9.zip
2017-06-20 04:05 - 2017-06-20 04:05 - 14594574 _____ C:\Users\Sabrina\Downloads\34586751-MIT (1).pdf
2017-06-20 03:47 - 2017-06-20 03:48 - 14594574 _____ C:\Users\Sabrina\Downloads\34586751-MIT.pdf
2017-06-20 03:47 - 2017-06-20 03:48 - 03660657 _____ C:\Users\Sabrina\Downloads\ZHENG_Jianxia.pdf
2017-06-20 02:00 - 2017-06-20 02:00 - 00003901 _____ C:\Users\Sabrina\Desktop\synx.txt
2017-06-20 01:50 - 2017-06-20 01:50 - 00020480 _____ C:\Users\Sabrina\Downloads\CurrentConnection-noarch-11.spk
2017-06-20 00:08 - 2017-06-20 00:08 - 00024623 _____ C:\Users\Sabrina\Desktop\check_find_new_hosts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 10:37 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-20 10:36 - 2017-05-31 22:56 - 00000000 ____D C:\Windows\CryptoGuard
2017-07-20 10:02 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2017-07-20 09:25 - 2015-07-03 13:24 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3524799261-2934001270-7150906-1003
2017-07-20 09:00 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 08:56 - 2017-05-02 04:19 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-20 08:51 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 08:12 - 2015-07-03 14:57 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0BD6A148-BAF0-460C-9755-028D337DC37D}
2017-07-20 02:03 - 2015-07-03 13:18 - 00000000 ____D C:\Users\Sabrina\AppData\Local\VirtualStore
2017-07-19 22:28 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2017-07-19 21:38 - 2015-07-03 13:18 - 00000000 ____D C:\Users\Sabrina
2017-07-19 20:51 - 2014-11-21 04:43 - 00869580 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-19 17:24 - 2017-02-06 09:52 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-07-19 17:20 - 2017-05-06 03:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-19 17:14 - 2017-05-01 18:09 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Electrum
2017-07-19 17:05 - 2017-05-01 00:46 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\gnupg
2017-07-19 03:09 - 2015-07-06 16:12 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\vlc
2017-07-19 00:52 - 2017-05-23 20:36 - 00000000 ____D C:\Users\Sabrina\.zenmap
2017-07-18 04:53 - 2015-07-04 09:15 - 00000000 ____D C:\Users\Sabrina\AppData\Local\ElevatedDiagnostics
2017-07-17 03:39 - 2017-05-01 03:28 - 00000000 ____D C:\ProgramData\Sophos
2017-07-17 03:00 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-16 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\setup
2017-07-16 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-16 21:28 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-16 21:28 - 2013-08-22 06:45 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\telnet.exe
2017-07-16 17:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2017-07-15 23:41 - 2017-05-23 20:29 - 00000000 ____D C:\Program Files\Npcap
2017-07-15 14:24 - 2017-05-26 11:05 - 00388096 ___SH C:\Users\Sabrina\Documents\Thumbs.db
2017-07-15 10:25 - 2017-06-03 15:44 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\uTorrent
2017-07-15 01:14 - 2017-05-26 00:17 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Acrylic Wi-Fi Professional
2017-07-15 01:14 - 2017-05-26 00:17 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Professional
2017-07-14 22:10 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-14 05:10 - 2017-05-26 11:11 - 00074240 ___SH C:\Users\Sabrina\Desktop\Thumbs.db
2017-07-14 04:38 - 2015-06-17 21:06 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-14 04:36 - 2013-08-22 10:44 - 00348616 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-13 19:00 - 2015-11-03 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-07-13 19:00 - 2015-06-14 15:12 - 00000000 ____D C:\Windows\system32\MRT
2017-07-13 18:55 - 2015-06-14 15:12 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 17:13 - 2015-07-05 00:19 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 17:13 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 17:13 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-10 17:33 - 2017-05-01 01:04 - 00000000 ____D C:\Users\Sabrina\AppData\Local\gtk-2.0
2017-07-09 03:18 - 2017-05-23 20:28 - 00000000 ____D C:\Program Files (x86)\Nmap
2017-07-08 23:23 - 2017-05-25 14:14 - 00000600 _____ C:\Users\Sabrina\AppData\Local\PUTTY.RND
2017-07-08 05:56 - 2015-07-03 13:18 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2017-07-08 01:01 - 2017-06-19 02:18 - 00000000 ____D C:\Program Files (x86)\Synology
2017-07-07 22:41 - 2017-06-03 14:35 - 00000070 _____ C:\Users\Sabrina\AppData\Local\Config.ini
2017-07-06 16:22 - 2017-05-07 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passware
2017-07-06 16:00 - 2017-05-05 18:33 - 00000000 ___HD C:\Users\Sabrina\Desktop\SC Info
2017-07-06 07:11 - 2017-05-06 08:33 - 00000000 ____D C:\Users\Sabrina\Documents\samsung
2017-07-04 04:37 - 2017-05-06 01:56 - 00000000 ____D C:\ProgramData\firebird
2017-07-01 23:31 - 2015-06-18 00:15 - 00000498 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-06-29 20:27 - 2017-06-19 00:17 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-29 20:27 - 2017-06-19 00:17 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 19:09 - 2016-09-26 14:39 - 00002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 18:05 - 2017-06-12 18:20 - 00000600 _____ C:\Users\Sabrina\AppData\Roaming\winscp.rnd
2017-06-27 18:03 - 2017-06-03 02:58 - 00007589 _____ C:\Users\Sabrina\AppData\Local\Resmon.ResmonCfg
2017-06-27 02:46 - 2017-05-06 03:53 - 00000000 ___HD C:\win-forensics-tools
2017-06-27 01:15 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\schemas
2017-06-26 23:07 - 2015-06-17 22:25 - 27715584 _____ C:\Windows\system32\vmguest.iso
2017-06-25 09:39 - 2017-05-26 05:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fastvue
2017-06-22 11:05 - 2017-06-03 16:04 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\.minecraft
2017-06-22 11:02 - 2017-06-12 18:15 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\DS4Windows
2017-06-22 08:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\tracing
2017-06-20 18:57 - 2015-06-14 16:07 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Free

==================== Files in the root of some directories =======

2017-05-22 06:10 - 2017-05-22 06:10 - 1101824 _____ (Mojang (By OfficialHawk)) C:\Users\Sabrina\AppData\Roaming\game.gdf
2017-05-21 05:24 - 2011-05-22 16:12 - 0014324 _____ () C:\Users\Sabrina\AppData\Roaming\minecraft.png
2017-05-06 04:03 - 2017-05-30 03:00 - 0000819 _____ () C:\Users\Sabrina\AppData\Roaming\NetworkScanner.ini
2017-06-12 18:20 - 2017-06-28 18:05 - 0000600 _____ () C:\Users\Sabrina\AppData\Roaming\winscp.rnd
2017-05-05 20:33 - 2017-05-05 20:33 - 0001109 _____ () C:\Users\Sabrina\AppData\Local\AppData - Shortcut.lnk
2017-06-03 14:35 - 2017-07-07 22:41 - 0000070 _____ () C:\Users\Sabrina\AppData\Local\Config.ini
2017-05-25 14:14 - 2017-07-08 23:23 - 0000600 _____ () C:\Users\Sabrina\AppData\Local\PUTTY.RND
2017-07-04 19:47 - 2017-07-04 19:47 - 0002226 _____ () C:\Users\Sabrina\AppData\Local\recently-used.xbel
2017-06-03 02:58 - 2017-06-27 18:03 - 0007589 _____ () C:\Users\Sabrina\AppData\Local\Resmon.ResmonCfg
2017-07-17 02:11 - 2017-07-17 02:12 - 0046080 ___SH () C:\Users\Sabrina\AppData\Local\Thumbs.db
2017-05-23 20:36 - 2017-06-25 15:12 - 0000715 _____ () C:\Users\Sabrina\AppData\Local\zenmap.exe.log

Some files in TEMP:
====================
2017-07-17 02:59 - 2017-03-15 11:55 - 0325080 _____ (Sophos Limited) C:\Users\Sabrina\AppData\Local\Temp\deleter.dll
2017-07-19 18:44 - 2017-05-14 14:06 - 1737600 _____ (Microsoft Corporation) C:\Users\Sabrina\AppData\Local\Temp\dllnt_dump.dll
2017-05-09 00:31 - 2012-02-06 10:55 - 0122368 _____ () C:\Users\Sabrina\AppData\Local\Temp\Gecko_iPhone_Toolkit.exe
2009-08-26 21:52 - 2009-08-26 21:52 - 0086016 _____ () C:\Users\Sabrina\AppData\Local\Temp\install.dll
2002-04-13 20:59 - 2002-04-13 20:59 - 0007584 _____ () C:\Users\Sabrina\AppData\Local\Temp\KILLW16.EXE
2017-07-20 09:03 - 2017-07-20 09:03 - 1173152 ____H (Sysinternals - www.sysinternals.com) C:\Users\Sabrina\AppData\Local\Temp\Procmon64.exe
2017-05-09 00:31 - 2012-02-06 00:09 - 25516032 _____ () C:\Users\Sabrina\AppData\Local\Temp\redsn0w.exe
2012-11-13 00:55 - 2012-11-13 00:55 - 28710616 _____ (Belkin ) C:\Users\Sabrina\AppData\Local\Temp\setup.exe
2017-05-08 00:38 - 2017-05-08 00:38 - 26386488 _____ (EaseUS ) C:\Users\Sabrina\AppData\Local\Temp\StpC80D_TMP.EXE
2017-05-01 04:25 - 2008-10-01 15:40 - 0453720 _____ (Macrovision Corporation) C:\Users\Sabrina\AppData\Local\Temp\_is678C.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-15 08:03

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Sabrina (20-07-2017 10:40:12)
Running from C:\Users\Sabrina\Downloads
Windows 8.1 Pro (Update) (X64) (2015-06-14 16:57:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3524799261-2934001270-7150906-500 - Administrator - Disabled)
Guest (S-1-5-21-3524799261-2934001270-7150906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3524799261-2934001270-7150906-1011 - Limited - Enabled)
Sabrina (S-1-5-21-3524799261-2934001270-7150906-1003 - Administrator - Enabled) => C:\Users\Sabrina
SophosSAUWORKTOPaaa (S-1-5-21-3524799261-2934001270-7150906-1012 - Limited - Enabled)
WORK (S-1-5-21-3524799261-2934001270-7150906-1001 - Administrator - Enabled) => C:\Users\WORK

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Home (Disabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Home (Disabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{68451E5C-0A9C-4D5C-8D06-6E296242E908}) (Version: 3.2.1 - Hewlett-Packard) Hidden
Acrylic Wi-Fi Free v2.3 (HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 2.3 - Tarlogic Security S.L.)
Acrylic Wi-Fi Professional v3.2 (HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\{FBD2EDDA-2B1B-49A2-9147-99CBCC5F10E5}_is1) (Version: 3.2 - Tarlogic Research S.L.)
Active@ Data Studio 10 (HKLM\...\{E59278D4-C877-449A-8183-E3C995270768}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Amcrest IP Config 3.20.10 (HKLM-x32\...\Amcrest IP Config) (Version: 3.20.10 - Amcrest Technologies LLC)
Amcrest Surveillance Pro 1.14.1 (HKLM-x32\...\Amcrest Surveillance Pro) (Version: 1.14.1 - Amcrest Technologies LLC)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.5.1 - Angry IP Scanner)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Belkin USB Wireless Adaptor (HKLM-x32\...\{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin)
BlackBerry Desktop Software 5.0.1 (HKLM-x32\...\{436B8D8A-0D6F-410E-BA6D-2DB11F28D429}) (Version: 5.0.1.26 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 5.0.1 (HKLM-x32\...\BlackBerry_{436B8D8A-0D6F-410E-BA6D-2DB11F28D429}) (Version: 5.0.1.26 - Research In Motion Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Extractor 1.5.1 (HKLM-x32\...\Bulk Extractor 1.5.1) (Version: 1.5.1 - NPS)
Burp Suite Free Edition 1.7.23 (HKLM\...\9806-1938-4586-6531) (Version: 1.7.23 - PortSwigger Web Security)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
CommView for WiFi (HKLM-x32\...\{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}) (Version: 7.1 - TamoSoft)
Compiled Driver Disk (Apple) 1.0 (HKLM\...\{3DCF00F5-04A5-4543-A088-70548081120D}_is1) (Version: 1.0.9.7 - COMPELSON Labs)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\CopyTrans Suite) (Version: 4.013 - WindSolutions)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.7.0 - oldsch00l)
DisplayLink Core Software (HKLM\...\{DF3F0788-16F0-4894-9748-677409D69100}) (Version: 7.9.630.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{2B3CC359-0B1C-4C84-B914-0B3BE0907EC2}) (Version: 7.9.658.0 - DisplayLink Corp.)
dr.fone toolkit for iOS (Version 8.3.0) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 8.3.0.50 - Wondershare Technology Co.,Ltd.)
Elcomsoft Phone Password Breaker (HKLM-x32\...\{91E3CFF8-5A2F-4895-A6BE-6883A66C6CD8}) (Version: 3.00.106.2053 - Elcomsoft Co. Ltd.)
Electrum (HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Fastvue Syslog Server (HKLM\...\Fastvue Syslog Server_is1) (Version: 3.0 - Fastvue Inc.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.5.8 - Telerik)
FoneLab 8.3.30 (HKLM-x32\...\{CA7ED0B0-3CD4-4254-A9D2-2D7F78C5E3C5}_is1) (Version: 8.3.30 - Aiseesoft Studio)
FonePaw iPhone Data Recovery 3.6.0 (HKLM-x32\...\{77B09C3A-839E-4ea7-81BA-E5864F6BF388}_is1) (Version: 3.6.0 - FonePaw)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.1.20 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.7.603 - SurfRight B.V.) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.1.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{B78CFC07-B623-4995-ADCC-B2B4D59D083A}) (Version: 3.3.21 - HTC Corporation)
iBackup Viewer 3.65.00 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version: - iMacTools)
iCare Data Recovery Free (HKLM-x32\...\{43D63B27-661F-428E-97B7-70D0604D28E8}_is1) (Version: 7.9.2 - iCareAll Inc.)
iCare Data Recovery Pro Free Edition (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 8.0.0 - iCareAll Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
join.me (HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\JoinMe) (Version: 3.2.1.5059 - LogMeIn, Inc.)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
K-Lite Codec Pack 6.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.2.0 - )
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
Maltego CE 4.0.11 (HKLM-x32\...\MaltegoCE 4.0.11) (Version: 4.0.11 - Paterva)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Lync Basic 2013 (HKLM\...\Office15.LYNCENTRY) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{171B3EB7-1B5D-4422-9460-8D95CF2508DB}) (Version: 1.11.2 - Mojang (By OfficialHawk)) Hidden
Minecraft (HKLM-x32\...\Minecraft 1.11.2) (Version: 1.11.2 - Mojang (By OfficialHawk))
MOBILedit Enterprise ver. 8.7.1.21217 (HKLM-x32\...\{E7FA1F7A-A5E7-4D44-9B34-654F23A94E78}_is1) (Version: 8.7.1.21217 - COMPELSON Labs)
MOBILedit Forensic 9.0.1.21994 (HKLM-x32\...\{3369649B-FE61-46A0-9268-D938B660EE5C}_is1) (Version: 9.0.1.21994 - COMPELSON Labs)
MOBILedit Forensic Express ver. 4.0.0.8613 (x86) (HKLM-x32\...\{F6682279-1366-4D31-BD0F-53687E43E51F}_is1) (Version: 4.0.0.8613 - COMPELSON Labs)
MOBILedit! Support Libraries (HKLM-x32\...\{9DF587A2-054C-46A2-9B1A-4A230F389E4B}) (Version: 12.0.0 - COMPELSON Labs)
Motorola Mobile Drivers Installation 4.9.0 (HKLM\...\{D7F7D7C0-6832-4687-B8EB-92555DA859A8}) (Version: 4.9.0 - Motorola Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
MultiHasher 2.8.2 (HKLM-x32\...\{6D8A77EC-1D83-4F07-9038-6913EFEACA1F}_is1) (Version: 2.8.2.0 - abelhadigital.com)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version: - )
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
Nokia Connectivity Adapter Cable DKU-5 (HKLM-x32\...\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}) (Version: - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{D22AFEDF-6A5B-459D-A9EA-D16E422E4C18}) (Version: 7.1.34.0 - Nokia)
Npcap 0.92 (HKLM-x32\...\NpcapInst) (Version: 0.92 - Nmap Project)
ONVIF Device Manager v2.2.250 (HKLM-x32\...\{6AC771CF-4EAA-41B7-A398-61A33701E076}) (Version: 2.2.250 - Synesis)
OSForensics (HKLM\...\OSForensics_is1) (Version: - PassMark Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Oxygen Connectivity Driver Installer 16.12.04.06 (HKLM-x32\...\{0BD12A4D-8485-4B2F-BBED-51DDC5C2D769}_is1) (Version: 16.12.04.06 - Oxygen Software)
Oxygen Forensic Suite 2014 (HKLM-x32\...\{18E8893A-9749-47BC-B1F3-53796559B66E}_is1) (Version: 6.3.0 - Oxygen Software)
Passware Kit Forensic 2017 v1 (64-bit) (HKLM\...\{90882615-A9EB-4E25-A66D-9F3CC9A7B1A6}) (Version: 2017.1.1.14340 - Passware)
Phone Drivers Downloader 1.1 (HKLM\...\{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1) (Version: 1.1.0.0 - COMPELSON Labs)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
Plist Pad - Plist Pad - A friendly, cross-platform propertly list (Plist) file editor. (HKLM-x32\...\Plist Pad Plist Pad) (Version: "0.1.0" - "Plist Pad")
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0267 - REALTEK Semiconductor Corp.)
RogueKiller version 12.11.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.7.0 - Adlice Software)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SearchDiggity (HKLM-x32\...\{32593C5B-EEAD-49F1-8968-211C5C311072}) (Version: 3.1.0 - Bishop Fox)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{CA524364-D9C5-4804-92DE-2800BDAC1AA4}) (Version: 10.7.3.120 - Sophos Limited) Hidden
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.6.484 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM-x32\...\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}) (Version: 1.15.0.7 - Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB}) (Version: 1.0.7.11 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 1.2.2 Beta - Sophos Ltd)
Sophos Home (HKLM-x32\...\{2CC3743E-B100-4373-B05D-AD7B4717CB2C}) (Version: 2.1.1 - Sophos Limited) Hidden
Sophos Home Clean (HKLM\...\Sophos Home Clean) (Version: 3.7.21.27 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.3.2.1 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.3.2.40 - Sophos Limited) Hidden
Sophos System Protection (HKLM\...\{934BEF80-B9D1-4A86-8B42-D8A6716A8D27}) (Version: 2.6.0.71 - Sophos Limited) Hidden
SurveillanceHelper (HKLM-x32\...\{A7C70F90-6FA0-4FC4-B44F-624D93AC2B01}) (Version: 1.0.0.5 - Synology)
SurveillancePlugin (HKLM-x32\...\{8ABD4847-6FA3-4350-ADB1-E077A5677C94}) (Version: 1.0.0.1217 - Synology)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
UCreate Music Mixer 1.0 (HKLM-x32\...\UCreate Music) (Version: 1.0.1.6 - Radica)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM\...\{E5DF3245-80CF-48E8-AE2F-22D4D2DDD805}) (Version: 12.5.7 - VMware, Inc.)
webplugin.exe version 3.0.0.1 (HKLM-x32\...\{E790ABDC-FE4D-4C68-B40F-C93A3D33FA9E}_is1) (Version: 3.0.0.1 - )
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSCP 5.9.5 (HKLM-x32\...\winscp3_is1) (Version: 5.9.5 - Martin Prikryl)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare MobileTrans ( Version 7.8.1 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.8.1 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3524799261-2934001270-7150906-1003_Classes\CLSID\{7bb28970-b8b8-23a5-e872-5580d38ff23e4}\InprocServer32 -> 0xB033BE2ED7D5D2019F5A2F2E7CE5D201030000004A00000000000000 => No File
ContextMenuHandlers01: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers01: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2017-06-27] (Sophos Limited)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2017-06-27] (Sophos Limited)
ContextMenuHandlers02: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => -> No File
ContextMenuHandlers02: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2017-06-19] (VMware, Inc.)
ContextMenuHandlers04: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers04: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2017-06-27] (Sophos Limited)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-04] (Intel Corporation)
ContextMenuHandlers06: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2017-06-27] (Sophos Limited)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08C28239-C39A-4153-AAFD-CC877706A231} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {4FF89B39-7779-476F-82C6-38CF5EB47353} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {52688499-DB34-41A8-A2F1-8368A3FE4BBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.)
Task: {6C2B2737-3B71-4F66-A7A5-C2FA991481AD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {6DD38C14-6734-41E5-AD6E-0A5972F3C38A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {B86C0ADA-6973-49DA-97E6-76BDE9E7D75D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.)
Task: {BF04758C-92EB-4C27-BECF-DC5C4DE3E222} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Sabrina\Desktop\First user - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Sabrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\sabrinarachal@gmail.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-18 04:27 - 2016-08-18 04:27 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-10-16 09:41 - 2015-10-16 09:41 - 01613032 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2013-11-04 22:22 - 2013-11-04 22:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-06-28 19:09 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 19:09 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-08-18 04:14 - 2016-08-18 04:14 - 00222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 04:03 - 2016-08-18 04:03 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 04:14 - 2016-08-18 04:14 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 04:17 - 2016-08-18 04:17 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2016-08-18 04:09 - 2016-08-18 04:09 - 00103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\//192.168.1.100/ -> //192.168.1.100/

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-07-20 08:56 - 00000830 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3524799261-2934001270-7150906-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "TBI Notify.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Sophos AutoUpdate Monitor"
HKLM\...\StartupApproved\Run32: => "FoneLabAppService"
HKLM\...\StartupApproved\Run32: => "FonePaw iPhone Data RecoveryAppService"
HKLM\...\StartupApproved\Run32: => "HTC Sync Loader"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Smart-PSS"
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\StartupApproved\Run: => "UCreate Music Mixer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3D79279E-3023-43E1-AC12-E19D53CAB1C5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D838BFBD-2980-4856-9B1D-3A3F48604412}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2017 10:20:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/20/2017 10:20:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (07/20/2017 10:05:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/20/2017 10:04:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/20/2017 10:04:13 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/20/2017 10:03:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/20/2017 10:03:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/20/2017 10:02:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\iMacTools\iBackup Viewer\iBackup Viewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/20/2017 10:02:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\iMacTools\iBackup Viewer\iBackup Viewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/20/2017 10:02:08 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (07/20/2017 10:01:15 AM) (Source: DCOM) (EventID: 10010) (User: worktop)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (07/20/2017 10:00:44 AM) (Source: DCOM) (EventID: 10010) (User: worktop)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (07/20/2017 09:26:42 AM) (Source: DCOM) (EventID: 10010) (User: worktop)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (07/20/2017 09:26:12 AM) (Source: DCOM) (EventID: 10010) (User: worktop)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (07/20/2017 09:01:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2017 09:01:03 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/20/2017 09:01:03 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/20/2017 09:00:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RunSwUSB service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2017 09:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RealtekWlanU service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2017 09:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Fastvue Syslog Server service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2017-04-25 12:31:06.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-14 10:22:59.473
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-09 03:40:05.433
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-31 12:05:24.295
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-06 09:19:01.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 06:51:10.812
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 06:51:10.494
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-19 12:02:38.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-12 14:33:06.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-12 14:32:04.549
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 6028.2 MB
Available physical RAM: 3294.07 MB
Total Virtual: 6988.2 MB
Available Virtual: 4047.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.25 GB) (Free:74.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 46165F27)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 