
removing virus please.


4 replies to this topic

#1 bulex


Posted 09 October 2013 - 05:32 AM

Here are the logs.

 


Found ! C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs
Found ! E:\kpcgrhynko..vbs
Found ! F:\kpcgrhynko..vbs
Found ! G:\kpcgrhynko..vbs
Found ! C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs
Found ! E:\CK.lnk
Found ! E:\clark and kelly logo.lnk
Found ! E:\new.lnk
Found ! E:\dava excel pricelist updated.lnk
Found ! E:\~$dava excel pricelist.lnk
Found ! E:\RECYCLER.lnk
Found ! E:\dava excel pricelist updated na talaga.lnk
Found ! E:\dava excel pricelist.lnk
Found ! E:\~$dava excel pricelist updated.lnk
Found ! E:\VVS-H.T.lnk
Found ! E:\dava folder.lnk
Found ! E:\LS brochure.lnk
Found ! E:\ph dava home textile hotel.lnk
Found ! E:\ph dava home textile pillow comforter.lnk
Found ! E:\Sample 2.lnk
Found ! E:\dava home textile hotel grand opera.lnk
Found ! E:\Pricelist.lnk
Found ! E:\Original logo.lnk
Found ! E:\Sample 1.lnk
Found ! E:\CHESTER SY H-T.lnk
Found ! E:\dava home textile hotel.lnk
Found ! E:\dava home textile pillow comforter.lnk
Found ! F:\ERD.lnk
Found ! F:\pos.lnk
Found ! F:\receipt.lnk
Found ! F:\asa asa.lnk
Found ! F:\Image0553.lnk
Found ! F:\tope resume.lnk
Found ! F:\Image0551.lnk
Found ! F:\Image0552.lnk
Found ! F:\60s with Dava Logo.lnk
Found ! F:\Dave Pricelist Updated.lnk
Found ! F:\Dava accessories.lnk
Found ! F:\DATABASE NORMALIZATION.lnk
Found ! F:\KRMD_Pharmacy.lnk
Found ! F:\KULANG.lnk
Found ! F:\SAI_FINAL.lnk
Found ! F:\Disposable supplies2.jpg.lnk
Found ! F:\Solicitation.lnk
Found ! F:\DBMS_Pharmacy.lnk
Found ! F:\SalesAndInventorySystem.lnk
Found ! G:\1370462_10151889258029707_2005255125_n.lnk
Found ! G:\1370482_10151889258079707_1797454275_n.lnk
Found ! E:\Recycler\desktop.ini
Found ! E:\Recycler\R-1-5-21-1482476501-1644491937-682003330-1013
 
################## | Registry |
 
Found ! HKU\S-1-5-21-2618486259-1879759754-354466961-1000\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKU\S-1-5-21-2618486259-1879759754-354466961-1000\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKU\S-1-5-21-2618486259-1879759754-354466961-1000\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKU\S-1-5-21-2618486259-1879759754-354466961-1000\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKU\S-1-5-21-2618486259-1879759754-354466961-1000\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
HKCU\.\.\.\.\Explorer\MountPoints2\{4f8d6960-530d-11e2-bb1c-30f9edeed481}
Shell\AutoRun\Command = E:\AutoRun.exe
 
HKCU\.\.\.\.\Explorer\MountPoints2\{4f8d6966-530d-11e2-bb1c-30f9edeed481}
Shell\AutoRun\Command = E:\AutoRun.exe
 
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 
 
 
############################## | UsbFix V 7.144 | [Listing]
 
User: RichardS (Administrator) # GEL
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 18:28:10 | 09/10/2013
 
 
PC: Sony Corporation (VAIO)
CPU: Intel® Core™ i5-3210M CPU @ 2.50GHz
RAM -> [Total : 6041 | Free : 2976]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Home Premium  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 698 Gb (107 Mb free - 15%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 15 Gb (15 Mb free - 99%) [Transcend] # FAT32
F:\ -> Removable drive # 2 Gb (2 Mb free - 99%) [TRANSCEND] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 99%) [USB DISK] # NTFS
 
################## | Listing |
 
[03/02/2013 - 21:35:25 | SHD ] C:\$Recycle.Bin
[18/07/2013 - 08:32:47 | D ] C:\android-sdk
[09/10/2013 - 17:30:53 | D ] C:\Config.Msi
[03/07/2012 - 21:48:34 | D ] C:\Documentation
[14/07/2009 - 13:08:56 | SHD ] C:\Documents and Settings
[16/08/2013 - 19:14:49 | D ] C:\e7a3d25caba32d5c0c189fd172decbda
[09/08/2013 - 15:05:26 | D ] C:\eclipse
[09/10/2013 - 18:05:43 | D ] C:\FRST
[09/10/2013 - 18:10:49 | ASH | 4750610432] C:\hiberfil.sys
[03/07/2012 - 20:47:00 | D ] C:\Intel
[20/02/2013 - 14:28:59 | D ] C:\KC_Project
[11/08/2013 - 18:36:02 | D ] C:\logs
[11/10/2012 - 05:16:24 | RHD ] C:\MSOCache
[09/10/2013 - 18:10:50 | ASH | 6334148608] C:\pagefile.sys
[14/07/2009 - 11:20:08 | D ] C:\PerfLogs
[17/09/2013 - 21:40:06 | RD ] C:\Program Files
[08/10/2013 - 17:58:08 | RD ] C:\Program Files (x86)
[07/10/2013 - 18:02:19 | HD ] C:\ProgramData
[17/09/2013 - 21:44:38 | D ] C:\SAVE
[09/10/2013 - 17:30:34 | SHD ] C:\System Volume Information
[11/03/2013 - 06:55:19 | D ] C:\temp
[09/10/2013 - 18:28:11 | D ] C:\UsbFix
[09/10/2013 - 18:28:11 | A | 2211] C:\UsbFix [Listing 1 ] GEL.txt
[09/10/2013 - 18:23:39 | A | 3161] C:\UsbFix [Scan 3] GEL.txt
[20/12/2012 - 15:53:25 | RD ] C:\Users
[03/07/2012 - 22:24:09 | D ] C:\VAIO Sample Contents
[09/10/2013 - 18:06:49 | D ] C:\Windows
[12/02/2013 - 06:01:55 | D ] C:\xampp
[15/08/2012 - 16:45:32 | SH | 651112] E:\clark and kelly logo.jpg
[17/09/2012 - 19:12:42 | SH | 868406] E:\CK.jpg
[25/11/2012 - 13:18:48 | SHD ] E:\VVS-H.T
[17/09/2012 - 22:40:16 | SH | 71803] E:\dava excel pricelist updated.xlsx
[19/09/2012 - 10:31:40 | SHD ] E:\dava folder
[19/09/2012 - 10:34:22 | SHD ] E:\ph dava home textile hotel
[19/09/2012 - 10:38:58 | SHD ] E:\ph dava home textile pillow comforter
[22/09/2012 - 20:18:26 | SH | 152576] E:\dava excel pricelist updated na talaga.xls
[14/10/2012 - 10:09:14 | SHD ] E:\LS brochure
[13/10/2012 - 10:50:36 | SHD ] E:\?????.jpg
[22/09/2012 - 20:20:36 | SHD ] E:\Sample 2
[12/10/2012 - 18:35:22 | SHD ] E:\dava home textile hotel grand opera
[14/10/2012 - 10:09:20 | SHD ] E:\Pricelist
[05/11/2012 - 16:21:38 | SH | 46597] E:\??.jpg
[22/09/2012 - 20:19:20 | SHD ] E:\Original logo
[22/09/2012 - 20:19:56 | SHD ] E:\Sample 1
[25/11/2012 - 13:19:22 | SHD ] E:\CHESTER SY H-T
[12/09/2012 - 14:39:22 | SH | 64512] E:\?????1.xls
[09/03/2013 - 17:55:04 | SH | 342928] E:\new.JPG
[09/10/2013 - 18:27:48 | A | 728] E:\CK.lnk
[27/05/2011 - 16:24:08 | SH | 252062] E:\DAVA LOGO?????.png
[12/02/2013 - 17:02:14 | SH | 362982] E:\???? richard tan DAVA HOMETEXTILE ready to print.docx
[24/09/2013 - 18:11:50 | SHD ] E:\168????
[27/05/2011 - 16:24:08 | SH | 252062] E:\?????.png
[12/09/2012 - 14:01:02 | SHD ] E:\dava home textile hotel
[04/10/2013 - 16:52:40 | SH | 19968] E:\????168 MALL ???.doc
[09/09/2012 - 16:39:40 | SHD ] E:\dava home textile pillow comforter
[12/09/2012 - 16:20:42 | SHD ] E:\?? ???
[25/03/2011 - 15:49:54 | SH | 306013] E:\?????.PNG
[20/03/2011 - 23:33:34 | SH | 5334841] E:\?????.JPG
[17/08/2013 - 23:16:34 | SH | 167773] E:\kpcgrhynko..vbs
[09/10/2013 - 18:27:48 | A | 776] E:\clark and kelly logo.lnk
[09/10/2013 - 18:27:48 | A | 730] E:\new.lnk
[15/08/2012 - 13:18:48 | SHD ] E:\RECYCLER
[09/10/2013 - 18:27:48 | A | 1656] E:\dava excel pricelist updated.lnk
[09/10/2013 - 18:27:50 | A | 1640] E:\~$dava excel pricelist.lnk
[09/10/2013 - 18:27:50 | A | 748] E:\RECYCLER.lnk
[15/08/2012 - 13:19:58 | SH | 165] E:\~$dava excel pricelist.xlsx
[15/09/2012 - 13:51:18 | SH | 70204] E:\dava excel pricelist.xlsx
[09/10/2013 - 18:27:48 | A | 1682] E:\dava excel pricelist updated na talaga.lnk
[09/10/2013 - 18:27:50 | A | 1636] E:\dava excel pricelist.lnk
[09/10/2013 - 18:27:50 | A | 1660] E:\~$dava excel pricelist updated.lnk
[09/10/2013 - 18:27:50 | A | 746] E:\VVS-H.T.lnk
[09/10/2013 - 18:27:50 | A | 758] E:\dava folder.lnk
[09/10/2013 - 18:27:50 | A | 758] E:\LS brochure.lnk
[15/08/2012 - 15:30:38 | SH | 165] E:\~$dava excel pricelist updated.xlsx
[09/10/2013 - 18:27:50 | A | 800] E:\ph dava home textile hotel.lnk
[09/10/2013 - 18:27:50 | A | 826] E:\ph dava home textile pillow comforter.lnk
[09/10/2013 - 18:27:50 | A | 752] E:\Sample 2.lnk
[09/10/2013 - 18:27:50 | A | 822] E:\dava home textile hotel grand opera.lnk
[09/10/2013 - 18:27:50 | A | 750] E:\Pricelist.lnk
[09/10/2013 - 18:27:50 | A | 762] E:\Original logo.lnk
[09/10/2013 - 18:27:50 | A | 752] E:\Sample 1.lnk
[09/10/2013 - 18:27:50 | A | 768] E:\CHESTER SY H-T.lnk
[09/10/2013 - 18:27:50 | A | 790] E:\dava home textile hotel.lnk
[09/10/2013 - 18:27:50 | A | 816] E:\dava home textile pillow comforter.lnk
[25/03/2013 - 12:50:50 | SHD ] F:\SAI_FINAL
[25/03/2013 - 14:57:32 | SH | 135986] F:\ERD.jpg
[25/03/2013 - 15:46:32 | SH | 145752] F:\pos.png
[25/03/2013 - 15:49:24 | SH | 153160] F:\receipt.png
[09/10/2013 - 18:27:52 | A | 730] F:\ERD.lnk
[25/03/2013 - 16:23:04 | SH | 1061452] F:\asa asa.docx
[04/08/2013 - 10:10:12 | SH | 235008] F:\tope resume.doc
[08/09/2013 - 15:55:08 | SH | 120512] F:\Image0553.jpg
[08/09/2013 - 15:55:44 | SH | 240893] F:\Image0551.jpg
[08/09/2013 - 15:55:28 | SH | 250525] F:\Image0552.jpg
[26/09/2013 - 21:05:30 | SH | 17735] F:\60s with Dava Logo.docx
[09/10/2013 - 18:27:52 | A | 682] F:\pos.lnk
[01/10/2013 - 23:26:12 | SH | 23791] F:\Dave Pricelist Updated.docx
[01/10/2013 - 23:26:26 | SH | 15972] F:\Dava accessories.docx
[06/10/2013 - 18:28:14 | SHD ] F:\?????
[06/10/2013 - 18:28:54 | SHD ] F:\Disposable supplies2.jpg
[17/08/2013 - 23:16:34 | SH | 167773] F:\kpcgrhynko..vbs
[09/10/2013 - 18:27:52 | A | 698] F:\receipt.lnk
[09/10/2013 - 18:27:52 | A | 1608] F:\asa asa.lnk
[09/10/2013 - 18:27:52 | A | 742] F:\Image0553.lnk
[19/03/2013 - 14:55:36 | SHD ] F:\Solicitation
[09/10/2013 - 18:27:52 | A | 1614] F:\tope resume.lnk
[09/10/2013 - 18:27:52 | A | 742] F:\Image0551.lnk
[09/10/2013 - 18:27:52 | A | 742] F:\Image0552.lnk
[09/10/2013 - 18:27:52 | A | 1638] F:\60s with Dava Logo.lnk
[09/10/2013 - 18:27:52 | A | 1642] F:\Dave Pricelist Updated.lnk
[21/03/2013 - 12:05:20 | SHD ] F:\DBMS_Pharmacy
[09/10/2013 - 18:27:52 | A | 1626] F:\Dava accessories.lnk
[09/10/2013 - 18:27:52 | A | 1638] F:\DATABASE NORMALIZATION.lnk
[09/10/2013 - 18:27:52 | A | 1618] F:\KRMD_Pharmacy.lnk
[09/10/2013 - 18:27:54 | A | 736] F:\KULANG.lnk
[09/10/2013 - 18:27:54 | A | 750] F:\SAI_FINAL.lnk
[09/10/2013 - 18:27:54 | A | 784] F:\Disposable supplies2.jpg.lnk
[09/10/2013 - 18:27:54 | A | 756] F:\Solicitation.lnk
[09/10/2013 - 18:27:54 | A | 758] F:\DBMS_Pharmacy.lnk
[09/10/2013 - 18:27:54 | A | 778] F:\SalesAndInventorySystem.lnk
[24/03/2013 - 06:59:36 | SH | 76487] F:\DATABASE NORMALIZATION.docx
[25/03/2013 - 12:38:02 | SHD ] F:\SalesAndInventorySystem
[24/03/2013 - 18:22:44 | SH | 3469312] F:\KRMD_Pharmacy.accdb
[24/03/2013 - 15:11:24 | SH | 421] F:\KULANG.txt
[06/10/2013 - 09:02:06 | SH | 132461] G:\1370462_10151889258029707_2005255125_n.jpg
[09/10/2013 - 18:27:52 | A | 800] G:\1370462_10151889258029707_2005255125_n.lnk
[06/10/2013 - 09:02:20 | SH | 143263] G:\1370482_10151889258079707_1797454275_n.jpg
[09/10/2013 - 18:27:52 | A | 800] G:\1370482_10151889258079707_1797454275_n.lnk
[17/08/2013 - 23:16:34 | SH | 167773] G:\kpcgrhynko..vbs
 
################## | E.O.F |
 


#2 bulex


Posted 09 October 2013 - 05:34 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by RichardS (administrator) on GEL on 09-10-2013 18:33:23
Running from C:\Users\RichardS\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Rozky) C:\Program Files (x86)\Remote PC Server 1.0.4\Remote PC Server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [] -  [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [kpcgrhynko] - C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs [167773 2013-08-17] ()
MountPoints2: {4f8d6960-530d-11e2-bb1c-30f9edeed481} - E:\AutoRun.exe
MountPoints2: {4f8d6966-530d-11e2-bb1c-30f9edeed481} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-23] (Intel Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={9320909B-7EA0-45AB-813B-69F9DFA83306}&serpv=5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sony.ca
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {559BACC0-783D-4054-852E-85C8F8FA5060} URL = http://search.us.com/serp?guid={5B4DD82A-1A80-4357-9DEA-E852E6B0ABBB}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
SearchScopes: HKCU - {F92404BC-893D-4D49-A276-0DCCCAD2CC09} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7720B186-DB72-41C2-8BFA-0409BDFE7D89}: [NameServer]202.138.128.50 202.138.128.54
 
FireFox:
========
FF ProfilePath: C:\Users\RichardS\AppData\Roaming\Mozilla\Firefox\Profiles\wt0rsjfd.default
FF user.js: detected! => C:\Users\RichardS\AppData\Roaming\Mozilla\Firefox\Profiles\wt0rsjfd.default\user.js
FF NewTab: file:///C:\\Users\\RichardS\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: Search.us
FF Homepage: hxxp://start.search.us.com/v/2/?guid={9320909B-7EA0-45AB-813B-69F9DFA83306}&serpv=5
FF Keyword.URL: hxxp://search.us.com/serp?guid={5B4DD82A-1A80-4357-9DEA-E852E6B0ABBB}&action=default_search&serpv=5&k=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\RichardS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\RichardS\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\RichardS\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR HomePage: hxxp://sony.msn.com/
CHR Extension: (Google Drive) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autorun CDROM Monitor; C:\Windows\SysWow64\SupportAppXL\cdrom_mon.exe [81920 2009-10-11] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2011-04-24] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-22] (Sony Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2011-04-24] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-12-01] (Sony Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-30] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 rimssne; C:\Windows\System32\DRIVERS\rimssne64.sys [102912 2012-02-24] (REDC)
R2 risdsnxc; C:\Windows\System32\DRIVERS\risdsnxc64.sys [104448 2012-02-23] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-07] ()
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-09 18:28 - 2013-10-09 18:28 - 00008584 _____ C:\UsbFix [Listing 1 ] GEL.txt
2013-10-09 18:22 - 2013-10-09 18:23 - 00003161 _____ C:\UsbFix [Scan 3] GEL.txt
2013-10-09 18:06 - 2013-10-09 18:07 - 00039125 _____ C:\Users\RichardS\Downloads\Addition.txt
2013-10-09 18:05 - 2013-10-09 18:05 - 00000000 ____D C:\FRST
2013-10-09 18:00 - 2013-10-09 18:23 - 00002110 _____ C:\Users\RichardS\Desktop\SosVirus On Facebook.lnk
2013-10-09 18:00 - 2013-10-09 18:23 - 00002102 _____ C:\Users\RichardS\Desktop\UsbFix Faire un Don.lnk
2013-10-09 18:00 - 2013-10-09 18:23 - 00002086 _____ C:\Users\RichardS\Desktop\SosVirus Forum.lnk
2013-10-09 17:49 - 2013-10-09 18:28 - 00000000 ____D C:\UsbFix
2013-10-09 17:48 - 2013-10-09 17:49 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\RichardS\Downloads\UsbFix (1).exe
2013-10-08 18:31 - 2013-10-08 18:32 - 01954124 _____ (Farbar) C:\Users\RichardS\Downloads\FRST64.exe
2013-10-08 18:16 - 2013-10-08 18:16 - 00657408 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50475.msi
2013-10-08 18:16 - 2013-10-08 18:16 - 00655360 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50471.msi
2013-10-08 17:58 - 2013-10-08 17:58 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 17:58 - 2013-10-08 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 17:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-08 17:48 - 2013-10-08 17:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RichardS\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-07 22:37 - 2011-01-01 00:13 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\iolo
2013-10-07 18:03 - 2013-10-08 23:31 - 01881576 _____ C:\Users\RichardS\AppData\Roaming\ICARE.LOG
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Malwarebytes
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-07 18:01 - 2010-05-13 14:53 - 00047104 _____ (Inside Core) C:\Users\RichardS\Desktop\AutoRunExterminator.exe
2013-10-07 17:57 - 2013-10-07 17:57 - 00017028 _____ C:\Users\RichardS\Downloads\AutoRunExterminator-1.8.zip
2013-10-07 04:26 - 2013-08-17 23:16 - 00167773 ___SH C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs
2013-10-06 23:09 - 2013-10-09 18:10 - 00000896 _____ C:\Windows\setupact.log
2013-10-06 23:09 - 2013-10-06 23:09 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\RichardS\Documents\New folder
2013-10-06 18:08 - 2013-10-06 19:21 - 589458084 _____ C:\Users\RichardS\Downloads\Insidious_Chapter_2_2013_CAM_X264-PLAYNOW.flv.mp4
2013-10-04 18:20 - 2013-10-04 18:20 - 00003126 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2013-10-04 18:19 - 2013-10-04 18:20 - 00000023 _____ C:\Windows\Model.txt
2013-10-04 18:04 - 2013-10-04 18:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-04 18:03 - 2013-10-04 05:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-29 07:37 - 2013-09-29 07:37 - 00000000 ____D C:\Users\RichardS\Documents\VideoPad Projects
2013-09-29 07:29 - 2013-10-07 17:59 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-17 21:44 - 2013-09-17 21:44 - 00000000 ____D C:\SAVE
2013-09-17 21:43 - 2013-09-17 21:47 - 00001904 _____ C:\Users\RichardS\Desktop\Counter-Strike.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00001774 _____ C:\Users\SALVE\Desktop\Half-Life.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00000103 _____ C:\Windows\sierra.ini
2013-09-17 21:41 - 2013-09-17 21:41 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-17 21:41 - 2001-07-31 10:55 - 00217088 _____ C:\Windows\SysWOW64\libmySQL.dll
2013-09-17 21:40 - 2013-09-17 21:40 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 21:37 - 2013-09-17 21:37 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\PowerISO
2013-09-17 21:36 - 2013-09-17 21:36 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-09-17 21:33 - 2013-09-17 21:33 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
2013-09-17 21:33 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2013-09-17 21:32 - 2013-09-17 21:43 - 00001870 _____ C:\Users\SALVE\Desktop\Counter-Strike.lnk
2013-09-17 21:32 - 2013-09-17 21:43 - 00001159 _____ C:\Users\SALVE\Desktop\Counter-Strike Manual.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00002067 _____ C:\Users\Public\Desktop\Remote PC Server.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00000000 ____D C:\Program Files (x86)\Remote PC Server 1.0.4
2013-09-13 18:38 - 2013-08-10 13:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 18:38 - 2013-08-10 13:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 18:38 - 2013-08-10 13:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 18:38 - 2013-08-10 13:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 18:38 - 2013-08-10 13:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 18:38 - 2013-08-10 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 18:38 - 2013-08-10 11:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 18:38 - 2013-08-10 11:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 18:38 - 2013-08-10 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 18:38 - 2013-08-10 11:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 18:38 - 2013-08-10 10:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 18:38 - 2013-08-10 10:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 17:01 - 2013-09-13 17:01 - 00002296 _____ C:\Users\SALVE\Desktop\AutoWarkey.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00002218 _____ C:\Users\SALVE\Desktop\Warkeys.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00000991 _____ C:\Users\SALVE\Desktop\Warkeys Help.lnk
2013-09-13 16:32 - 2013-08-08 09:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 16:32 - 2013-08-05 10:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 16:32 - 2013-08-02 10:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 16:32 - 2013-08-02 10:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 16:32 - 2013-08-02 10:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 16:32 - 2013-08-02 10:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 16:32 - 2013-08-02 10:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 16:32 - 2013-08-02 10:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 16:32 - 2013-08-02 09:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 16:32 - 2013-08-02 09:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 16:32 - 2013-08-02 08:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 16:32 - 2013-08-02 08:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 16:32 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 16:32 - 2013-07-26 10:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 16:32 - 2013-07-26 10:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 16:32 - 2013-07-26 09:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 16:32 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 22:49 - 2013-09-10 22:49 - 00000000 ____D C:\Users\RichardS\Documents\UE-Hasop
2013-09-10 22:40 - 2013-09-14 21:40 - 00000000 ____D C:\Users\RichardS\Documents\UE-Physics
2013-09-10 22:38 - 2013-09-10 22:41 - 00000000 ____D C:\Users\RichardS\Documents\UE-Dbms
2013-09-10 22:35 - 2011-01-01 00:04 - 00000000 ____D C:\Users\RichardS\Documents\UE-Others
2013-09-10 22:26 - 2013-09-10 22:51 - 00000000 ____D C:\Users\RichardS\Documents\UE-Opsys
2013-09-10 22:25 - 2013-10-05 16:04 - 00000000 ____D C:\Users\RichardS\Documents\UE-English
2013-09-10 22:25 - 2011-01-01 00:07 - 00000000 ____D C:\Users\RichardS\Documents\UE-Coarc
2013-09-10 22:24 - 2011-01-01 00:08 - 00000000 ____D C:\Users\RichardS\Documents\UE-Sweng
2013-09-10 17:48 - 2013-09-10 17:48 - 00000000 ____D C:\ProgramData\Steam
2013-09-10 16:20 - 2013-09-10 17:23 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\Documents\Red Alert 3 Uprising
2013-09-09 18:56 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Red Alert 3 Uprising
2013-09-09 18:16 - 2013-09-09 18:16 - 00003138 _____ C:\Windows\System32\Tasks\{3302051F-5549-42DC-9157-66B7AA4470F5}
 
==================== One Month Modified Files and Folders =======
 
2013-10-09 18:28 - 2013-10-09 18:28 - 00008584 _____ C:\UsbFix [Listing 1 ] GEL.txt
2013-10-09 18:28 - 2013-10-09 17:49 - 00000000 ____D C:\UsbFix
2013-10-09 18:27 - 2012-12-12 16:45 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 18:23 - 2013-10-09 18:22 - 00003161 _____ C:\UsbFix [Scan 3] GEL.txt
2013-10-09 18:23 - 2013-10-09 18:00 - 00002110 _____ C:\Users\RichardS\Desktop\SosVirus On Facebook.lnk
2013-10-09 18:23 - 2013-10-09 18:00 - 00002102 _____ C:\Users\RichardS\Desktop\UsbFix Faire un Don.lnk
2013-10-09 18:23 - 2013-10-09 18:00 - 00002086 _____ C:\Users\RichardS\Desktop\SosVirus Forum.lnk
2013-10-09 18:19 - 2009-07-14 12:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:19 - 2009-07-14 12:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:16 - 2013-08-13 07:25 - 01485514 _____ C:\Windows\WindowsUpdate.log
2013-10-09 18:12 - 2013-01-31 10:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-09 18:11 - 2013-08-28 16:00 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_RichardS
2013-10-09 18:11 - 2012-12-12 16:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 18:10 - 2013-10-06 23:09 - 00000896 _____ C:\Windows\setupact.log
2013-10-09 18:10 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 18:07 - 2013-10-09 18:06 - 00039125 _____ C:\Users\RichardS\Downloads\Addition.txt
2013-10-09 18:05 - 2013-10-09 18:05 - 00000000 ____D C:\FRST
2013-10-09 18:04 - 2009-07-14 13:13 - 00933982 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 18:03 - 2013-02-20 13:35 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job
2013-10-09 17:58 - 2012-07-03 21:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 17:49 - 2013-10-09 17:48 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\RichardS\Downloads\UsbFix (1).exe
2013-10-09 16:09 - 2013-07-07 19:04 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job
2013-10-08 23:31 - 2013-10-07 18:03 - 01881576 _____ C:\Users\RichardS\AppData\Roaming\ICARE.LOG
2013-10-08 20:04 - 2013-02-20 13:35 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job
2013-10-08 19:30 - 2012-12-20 13:15 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\vlc
2013-10-08 19:11 - 2013-07-07 19:04 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job
2013-10-08 18:32 - 2013-10-08 18:31 - 01954124 _____ (Farbar) C:\Users\RichardS\Downloads\FRST64.exe
2013-10-08 18:16 - 2013-10-08 18:16 - 00657408 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50475.msi
2013-10-08 18:16 - 2013-10-08 18:16 - 00655360 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50471.msi
2013-10-08 17:58 - 2013-10-08 17:58 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 17:58 - 2013-10-08 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 17:50 - 2013-10-08 17:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RichardS\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-08 17:44 - 2013-01-31 11:03 - 00000000 ____D C:\Users\RichardS\AppData\Local\Adobe
2013-10-08 17:41 - 2013-01-31 10:54 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-07 21:25 - 2013-08-13 18:16 - 00000000 ____D C:\Users\RichardS\AppData\Local\TNT2
2013-10-07 19:36 - 2012-12-15 07:20 - 00000000 ____D C:\Program Files\Starcraft
2013-10-07 19:36 - 2012-12-15 07:19 - 00000000 ____D C:\Program Files\Warcraft III
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Malwarebytes
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-07 18:01 - 2012-07-03 21:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-07 18:01 - 2012-07-03 21:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 18:01 - 2012-07-03 21:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 17:59 - 2013-09-29 07:29 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-07 17:57 - 2013-10-07 17:57 - 00017028 _____ C:\Users\RichardS\Downloads\AutoRunExterminator-1.8.zip
2013-10-07 04:26 - 2012-10-11 05:00 - 00000000 ___RD C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 23:09 - 2013-10-06 23:09 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 19:21 - 2013-10-06 18:08 - 589458084 _____ C:\Users\RichardS\Downloads\Insidious_Chapter_2_2013_CAM_X264-PLAYNOW.flv.mp4
2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\RichardS\Documents\New folder
2013-10-06 14:14 - 2013-07-03 15:21 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Mozilla
2013-10-05 17:01 - 2012-12-28 12:41 - 00000000 ____D C:\Users\RichardS\Documents\MOVIES
2013-10-05 16:04 - 2013-09-10 22:25 - 00000000 ____D C:\Users\RichardS\Documents\UE-English
2013-10-04 18:20 - 2013-10-04 18:20 - 00003126 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2013-10-04 18:20 - 2013-10-04 18:19 - 00000023 _____ C:\Windows\Model.txt
2013-10-04 18:05 - 2012-12-20 13:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-04 18:05 - 2012-07-03 22:18 - 00000000 ____D C:\ProgramData\Skype
2013-10-04 18:04 - 2013-10-04 18:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-04 05:59 - 2013-10-04 18:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 05:59 - 2013-04-06 23:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-04 05:59 - 2013-01-19 12:33 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 05:59 - 2012-07-03 21:04 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-01 23:23 - 2012-12-20 15:53 - 00000000 ___RD C:\Users\SALVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 23:23 - 2012-12-20 15:53 - 00000000 ___RD C:\Users\SALVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-29 07:37 - 2013-09-29 07:37 - 00000000 ____D C:\Users\RichardS\Documents\VideoPad Projects
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-17 21:47 - 2013-09-17 21:43 - 00001904 _____ C:\Users\RichardS\Desktop\Counter-Strike.lnk
2013-09-17 21:44 - 2013-09-17 21:44 - 00000000 ____D C:\SAVE
2013-09-17 21:43 - 2013-09-17 21:32 - 00001870 _____ C:\Users\SALVE\Desktop\Counter-Strike.lnk
2013-09-17 21:43 - 2013-09-17 21:32 - 00001159 _____ C:\Users\SALVE\Desktop\Counter-Strike Manual.lnk
2013-09-17 21:43 - 2012-12-15 07:26 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 21:41 - 2013-09-17 21:41 - 00001774 _____ C:\Users\SALVE\Desktop\Half-Life.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00000103 _____ C:\Windows\sierra.ini
2013-09-17 21:41 - 2013-09-17 21:41 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-17 21:40 - 2013-09-17 21:40 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 21:37 - 2013-09-17 21:37 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\PowerISO
2013-09-17 21:36 - 2013-09-17 21:36 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-09-17 21:36 - 2013-07-18 11:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-17 21:36 - 2012-07-03 21:55 - 00000000 ____D C:\ProgramData\Adobe
2013-09-17 21:33 - 2013-09-17 21:33 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
2013-09-15 17:05 - 2012-10-11 05:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 13:27 - 2013-08-13 11:02 - 00000000 ____D C:\Users\RichardS\Documents\THESIS
2013-09-15 08:19 - 2013-08-27 10:54 - 00001456 _____ C:\Users\RichardS\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-09-15 08:19 - 2013-08-27 09:55 - 00000000 ____D C:\Users\RichardS\Documents\PROTOTYPE
2013-09-14 21:40 - 2013-09-10 22:40 - 00000000 ____D C:\Users\RichardS\Documents\UE-Physics
2013-09-14 21:40 - 2011-02-11 06:48 - 00000000 ____D C:\Windows\Panther
2013-09-14 20:06 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:08 - 2013-09-14 09:08 - 00002067 _____ C:\Users\Public\Desktop\Remote PC Server.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00000000 ____D C:\Program Files (x86)\Remote PC Server 1.0.4
2013-09-13 18:49 - 2012-10-11 05:00 - 00000000 ___RD C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 18:46 - 2009-07-14 12:45 - 05065624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 18:38 - 2013-07-19 00:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 18:35 - 2012-12-29 12:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 17:01 - 2013-09-13 17:01 - 00002296 _____ C:\Users\SALVE\Desktop\AutoWarkey.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00002218 _____ C:\Users\SALVE\Desktop\Warkeys.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00000991 _____ C:\Users\SALVE\Desktop\Warkeys Help.lnk
2013-09-10 22:51 - 2013-09-10 22:26 - 00000000 ____D C:\Users\RichardS\Documents\UE-Opsys
2013-09-10 22:49 - 2013-09-10 22:49 - 00000000 ____D C:\Users\RichardS\Documents\UE-Hasop
2013-09-10 22:42 - 2013-03-19 12:27 - 00000000 ____D C:\Users\RichardS\Documents\UE-C sharp
2013-09-10 22:41 - 2013-09-10 22:38 - 00000000 ____D C:\Users\RichardS\Documents\UE-Dbms
2013-09-10 17:48 - 2013-09-10 17:48 - 00000000 ____D C:\ProgramData\Steam
2013-09-10 17:48 - 2013-04-02 02:30 - 00000000 ____D C:\Users\RichardS\Documents\CAPCOM
2013-09-10 17:23 - 2013-09-10 16:20 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\Documents\Red Alert 3 Uprising
2013-09-09 22:32 - 2013-09-09 18:56 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Red Alert 3 Uprising
2013-09-09 18:46 - 2013-08-19 18:17 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-09-09 18:16 - 2013-09-09 18:16 - 00003138 _____ C:\Windows\System32\Tasks\{3302051F-5549-42DC-9157-66B7AA4470F5}
 
Some content of TEMP:
====================
C:\Users\RichardS\AppData\Local\Temp\GLF18D3.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF25A0.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF7A82.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF7E1B.EXE
C:\Users\SALVE\AppData\Local\Temp\{F2991848-A4D9-4744-8544-09D5BA4C312D}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-24 19:18
 
==================== End Of Log ============================


#3 bulex

Posted 09 October 2013 - 05:36 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by RichardS (administrator) on GEL on 09-10-2013 18:35:12
Running from C:\Users\RichardS\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Rozky) C:\Program Files (x86)\Remote PC Server 1.0.4\Remote PC Server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [] -  [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [kpcgrhynko] - C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs [167773 2013-08-17] ()
MountPoints2: {4f8d6960-530d-11e2-bb1c-30f9edeed481} - E:\AutoRun.exe
MountPoints2: {4f8d6966-530d-11e2-bb1c-30f9edeed481} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-23] (Intel Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={9320909B-7EA0-45AB-813B-69F9DFA83306}&serpv=5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sony.ca
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {559BACC0-783D-4054-852E-85C8F8FA5060} URL = http://search.us.com/serp?guid={5B4DD82A-1A80-4357-9DEA-E852E6B0ABBB}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
SearchScopes: HKCU - {F92404BC-893D-4D49-A276-0DCCCAD2CC09} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7720B186-DB72-41C2-8BFA-0409BDFE7D89}: [NameServer]202.138.128.50 202.138.128.54
 
FireFox:
========
FF ProfilePath: C:\Users\RichardS\AppData\Roaming\Mozilla\Firefox\Profiles\wt0rsjfd.default
FF user.js: detected! => C:\Users\RichardS\AppData\Roaming\Mozilla\Firefox\Profiles\wt0rsjfd.default\user.js
FF NewTab: file:///C:\\Users\\RichardS\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: Search.us
FF Homepage: hxxp://start.search.us.com/v/2/?guid={9320909B-7EA0-45AB-813B-69F9DFA83306}&serpv=5
FF Keyword.URL: hxxp://search.us.com/serp?guid={5B4DD82A-1A80-4357-9DEA-E852E6B0ABBB}&action=default_search&serpv=5&k=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\RichardS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\RichardS\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\RichardS\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR HomePage: hxxp://sony.msn.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.445_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.445_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.445_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autorun CDROM Monitor; C:\Windows\SysWow64\SupportAppXL\cdrom_mon.exe [81920 2009-10-11] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2011-04-24] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-22] (Sony Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2011-04-24] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-12-01] (Sony Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-30] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 rimssne; C:\Windows\System32\DRIVERS\rimssne64.sys [102912 2012-02-24] (REDC)
R2 risdsnxc; C:\Windows\System32\DRIVERS\risdsnxc64.sys [104448 2012-02-23] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-07] ()
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-09 18:28 - 2013-10-09 18:28 - 00008584 _____ C:\UsbFix [Listing 1 ] GEL.txt
2013-10-09 18:22 - 2013-10-09 18:23 - 00003161 _____ C:\UsbFix [Scan 3] GEL.txt
2013-10-09 18:06 - 2013-10-09 18:07 - 00039125 _____ C:\Users\RichardS\Downloads\Addition.txt
2013-10-09 18:05 - 2013-10-09 18:05 - 00000000 ____D C:\FRST
2013-10-09 18:00 - 2013-10-09 18:23 - 00002110 _____ C:\Users\RichardS\Desktop\SosVirus On Facebook.lnk
2013-10-09 18:00 - 2013-10-09 18:23 - 00002102 _____ C:\Users\RichardS\Desktop\UsbFix Faire un Don.lnk
2013-10-09 18:00 - 2013-10-09 18:23 - 00002086 _____ C:\Users\RichardS\Desktop\SosVirus Forum.lnk
2013-10-09 17:49 - 2013-10-09 18:28 - 00000000 ____D C:\UsbFix
2013-10-09 17:48 - 2013-10-09 17:49 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\RichardS\Downloads\UsbFix (1).exe
2013-10-08 18:31 - 2013-10-08 18:32 - 01954124 _____ (Farbar) C:\Users\RichardS\Downloads\FRST64.exe
2013-10-08 18:16 - 2013-10-08 18:16 - 00657408 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50475.msi
2013-10-08 18:16 - 2013-10-08 18:16 - 00655360 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50471.msi
2013-10-08 17:58 - 2013-10-08 17:58 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 17:58 - 2013-10-08 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 17:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-08 17:48 - 2013-10-08 17:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RichardS\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-07 22:37 - 2011-01-01 00:13 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\iolo
2013-10-07 18:03 - 2013-10-08 23:31 - 01881576 _____ C:\Users\RichardS\AppData\Roaming\ICARE.LOG
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Malwarebytes
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-07 18:01 - 2010-05-13 14:53 - 00047104 _____ (Inside Core) C:\Users\RichardS\Desktop\AutoRunExterminator.exe
2013-10-07 17:57 - 2013-10-07 17:57 - 00017028 _____ C:\Users\RichardS\Downloads\AutoRunExterminator-1.8.zip
2013-10-07 04:26 - 2013-08-17 23:16 - 00167773 ___SH C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs
2013-10-06 23:09 - 2013-10-09 18:10 - 00000896 _____ C:\Windows\setupact.log
2013-10-06 23:09 - 2013-10-06 23:09 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\RichardS\Documents\New folder
2013-10-06 18:08 - 2013-10-06 19:21 - 589458084 _____ C:\Users\RichardS\Downloads\Insidious_Chapter_2_2013_CAM_X264-PLAYNOW.flv.mp4
2013-10-04 18:20 - 2013-10-04 18:20 - 00003126 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2013-10-04 18:19 - 2013-10-04 18:20 - 00000023 _____ C:\Windows\Model.txt
2013-10-04 18:04 - 2013-10-04 18:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-04 18:03 - 2013-10-04 05:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-29 07:37 - 2013-09-29 07:37 - 00000000 ____D C:\Users\RichardS\Documents\VideoPad Projects
2013-09-29 07:29 - 2013-10-07 17:59 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-17 21:44 - 2013-09-17 21:44 - 00000000 ____D C:\SAVE
2013-09-17 21:43 - 2013-09-17 21:47 - 00001904 _____ C:\Users\RichardS\Desktop\Counter-Strike.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00001774 _____ C:\Users\SALVE\Desktop\Half-Life.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00000103 _____ C:\Windows\sierra.ini
2013-09-17 21:41 - 2013-09-17 21:41 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-17 21:41 - 2001-07-31 10:55 - 00217088 _____ C:\Windows\SysWOW64\libmySQL.dll
2013-09-17 21:40 - 2013-09-17 21:40 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 21:37 - 2013-09-17 21:37 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\PowerISO
2013-09-17 21:36 - 2013-09-17 21:36 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-09-17 21:33 - 2013-09-17 21:33 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
2013-09-17 21:33 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2013-09-17 21:32 - 2013-09-17 21:43 - 00001870 _____ C:\Users\SALVE\Desktop\Counter-Strike.lnk
2013-09-17 21:32 - 2013-09-17 21:43 - 00001159 _____ C:\Users\SALVE\Desktop\Counter-Strike Manual.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00002067 _____ C:\Users\Public\Desktop\Remote PC Server.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00000000 ____D C:\Program Files (x86)\Remote PC Server 1.0.4
2013-09-13 18:38 - 2013-08-10 13:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 18:38 - 2013-08-10 13:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 18:38 - 2013-08-10 13:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 18:38 - 2013-08-10 13:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 18:38 - 2013-08-10 13:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 18:38 - 2013-08-10 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 18:38 - 2013-08-10 11:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 18:38 - 2013-08-10 11:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 18:38 - 2013-08-10 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 18:38 - 2013-08-10 11:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 18:38 - 2013-08-10 10:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 18:38 - 2013-08-10 10:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 17:01 - 2013-09-13 17:01 - 00002296 _____ C:\Users\SALVE\Desktop\AutoWarkey.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00002218 _____ C:\Users\SALVE\Desktop\Warkeys.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00000991 _____ C:\Users\SALVE\Desktop\Warkeys Help.lnk
2013-09-13 16:32 - 2013-08-08 09:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 16:32 - 2013-08-05 10:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 16:32 - 2013-08-02 10:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 16:32 - 2013-08-02 10:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 16:32 - 2013-08-02 10:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 16:32 - 2013-08-02 10:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 16:32 - 2013-08-02 10:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 16:32 - 2013-08-02 10:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 16:32 - 2013-08-02 09:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 16:32 - 2013-08-02 09:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 16:32 - 2013-08-02 08:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 16:32 - 2013-08-02 08:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 16:32 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 16:32 - 2013-07-26 10:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 16:32 - 2013-07-26 10:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 16:32 - 2013-07-26 09:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 16:32 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 22:49 - 2013-09-10 22:49 - 00000000 ____D C:\Users\RichardS\Documents\UE-Hasop
2013-09-10 22:40 - 2013-09-14 21:40 - 00000000 ____D C:\Users\RichardS\Documents\UE-Physics
2013-09-10 22:38 - 2013-09-10 22:41 - 00000000 ____D C:\Users\RichardS\Documents\UE-Dbms
2013-09-10 22:35 - 2011-01-01 00:04 - 00000000 ____D C:\Users\RichardS\Documents\UE-Others
2013-09-10 22:26 - 2013-09-10 22:51 - 00000000 ____D C:\Users\RichardS\Documents\UE-Opsys
2013-09-10 22:25 - 2013-10-05 16:04 - 00000000 ____D C:\Users\RichardS\Documents\UE-English
2013-09-10 22:25 - 2011-01-01 00:07 - 00000000 ____D C:\Users\RichardS\Documents\UE-Coarc
2013-09-10 22:24 - 2011-01-01 00:08 - 00000000 ____D C:\Users\RichardS\Documents\UE-Sweng
2013-09-10 17:48 - 2013-09-10 17:48 - 00000000 ____D C:\ProgramData\Steam
2013-09-10 16:20 - 2013-09-10 17:23 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\Documents\Red Alert 3 Uprising
2013-09-09 18:56 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Red Alert 3 Uprising
2013-09-09 18:16 - 2013-09-09 18:16 - 00003138 _____ C:\Windows\System32\Tasks\{3302051F-5549-42DC-9157-66B7AA4470F5}
 
==================== One Month Modified Files and Folders =======
 
2013-10-09 18:28 - 2013-10-09 18:28 - 00008584 _____ C:\UsbFix [Listing 1 ] GEL.txt
2013-10-09 18:28 - 2013-10-09 17:49 - 00000000 ____D C:\UsbFix
2013-10-09 18:27 - 2012-12-12 16:45 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 18:23 - 2013-10-09 18:22 - 00003161 _____ C:\UsbFix [Scan 3] GEL.txt
2013-10-09 18:23 - 2013-10-09 18:00 - 00002110 _____ C:\Users\RichardS\Desktop\SosVirus On Facebook.lnk
2013-10-09 18:23 - 2013-10-09 18:00 - 00002102 _____ C:\Users\RichardS\Desktop\UsbFix Faire un Don.lnk
2013-10-09 18:23 - 2013-10-09 18:00 - 00002086 _____ C:\Users\RichardS\Desktop\SosVirus Forum.lnk
2013-10-09 18:19 - 2009-07-14 12:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:19 - 2009-07-14 12:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:16 - 2013-08-13 07:25 - 01485514 _____ C:\Windows\WindowsUpdate.log
2013-10-09 18:12 - 2013-01-31 10:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-09 18:11 - 2013-08-28 16:00 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_RichardS
2013-10-09 18:11 - 2012-12-12 16:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 18:10 - 2013-10-06 23:09 - 00000896 _____ C:\Windows\setupact.log
2013-10-09 18:10 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 18:07 - 2013-10-09 18:06 - 00039125 _____ C:\Users\RichardS\Downloads\Addition.txt
2013-10-09 18:05 - 2013-10-09 18:05 - 00000000 ____D C:\FRST
2013-10-09 18:04 - 2009-07-14 13:13 - 00933982 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 18:03 - 2013-02-20 13:35 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job
2013-10-09 17:58 - 2012-07-03 21:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 17:49 - 2013-10-09 17:48 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\RichardS\Downloads\UsbFix (1).exe
2013-10-09 16:09 - 2013-07-07 19:04 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job
2013-10-08 23:31 - 2013-10-07 18:03 - 01881576 _____ C:\Users\RichardS\AppData\Roaming\ICARE.LOG
2013-10-08 20:04 - 2013-02-20 13:35 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job
2013-10-08 19:30 - 2012-12-20 13:15 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\vlc
2013-10-08 19:11 - 2013-07-07 19:04 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job
2013-10-08 18:32 - 2013-10-08 18:31 - 01954124 _____ (Farbar) C:\Users\RichardS\Downloads\FRST64.exe
2013-10-08 18:16 - 2013-10-08 18:16 - 00657408 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50475.msi
2013-10-08 18:16 - 2013-10-08 18:16 - 00655360 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50471.msi
2013-10-08 17:58 - 2013-10-08 17:58 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 17:58 - 2013-10-08 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 17:50 - 2013-10-08 17:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RichardS\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-08 17:44 - 2013-01-31 11:03 - 00000000 ____D C:\Users\RichardS\AppData\Local\Adobe
2013-10-08 17:41 - 2013-01-31 10:54 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-07 21:25 - 2013-08-13 18:16 - 00000000 ____D C:\Users\RichardS\AppData\Local\TNT2
2013-10-07 19:36 - 2012-12-15 07:20 - 00000000 ____D C:\Program Files\Starcraft
2013-10-07 19:36 - 2012-12-15 07:19 - 00000000 ____D C:\Program Files\Warcraft III
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Malwarebytes
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-07 18:01 - 2012-07-03 21:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-07 18:01 - 2012-07-03 21:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 18:01 - 2012-07-03 21:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 17:59 - 2013-09-29 07:29 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-07 17:57 - 2013-10-07 17:57 - 00017028 _____ C:\Users\RichardS\Downloads\AutoRunExterminator-1.8.zip
2013-10-07 04:26 - 2012-10-11 05:00 - 00000000 ___RD C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 23:09 - 2013-10-06 23:09 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 19:21 - 2013-10-06 18:08 - 589458084 _____ C:\Users\RichardS\Downloads\Insidious_Chapter_2_2013_CAM_X264-PLAYNOW.flv.mp4
2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\RichardS\Documents\New folder
2013-10-06 14:14 - 2013-07-03 15:21 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Mozilla
2013-10-05 17:01 - 2012-12-28 12:41 - 00000000 ____D C:\Users\RichardS\Documents\MOVIES
2013-10-05 16:04 - 2013-09-10 22:25 - 00000000 ____D C:\Users\RichardS\Documents\UE-English
2013-10-04 18:20 - 2013-10-04 18:20 - 00003126 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2013-10-04 18:20 - 2013-10-04 18:19 - 00000023 _____ C:\Windows\Model.txt
2013-10-04 18:05 - 2012-12-20 13:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-04 18:05 - 2012-07-03 22:18 - 00000000 ____D C:\ProgramData\Skype
2013-10-04 18:04 - 2013-10-04 18:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-04 05:59 - 2013-10-04 18:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 05:59 - 2013-04-06 23:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-04 05:59 - 2013-01-19 12:33 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 05:59 - 2012-07-03 21:04 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-01 23:23 - 2012-12-20 15:53 - 00000000 ___RD C:\Users\SALVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 23:23 - 2012-12-20 15:53 - 00000000 ___RD C:\Users\SALVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-29 07:37 - 2013-09-29 07:37 - 00000000 ____D C:\Users\RichardS\Documents\VideoPad Projects
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-17 21:47 - 2013-09-17 21:43 - 00001904 _____ C:\Users\RichardS\Desktop\Counter-Strike.lnk
2013-09-17 21:44 - 2013-09-17 21:44 - 00000000 ____D C:\SAVE
2013-09-17 21:43 - 2013-09-17 21:32 - 00001870 _____ C:\Users\SALVE\Desktop\Counter-Strike.lnk
2013-09-17 21:43 - 2013-09-17 21:32 - 00001159 _____ C:\Users\SALVE\Desktop\Counter-Strike Manual.lnk
2013-09-17 21:43 - 2012-12-15 07:26 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 21:41 - 2013-09-17 21:41 - 00001774 _____ C:\Users\SALVE\Desktop\Half-Life.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00000103 _____ C:\Windows\sierra.ini
2013-09-17 21:41 - 2013-09-17 21:41 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-17 21:40 - 2013-09-17 21:40 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 21:37 - 2013-09-17 21:37 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\PowerISO
2013-09-17 21:36 - 2013-09-17 21:36 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-09-17 21:36 - 2013-07-18 11:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-17 21:36 - 2012-07-03 21:55 - 00000000 ____D C:\ProgramData\Adobe
2013-09-17 21:33 - 2013-09-17 21:33 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
2013-09-15 17:05 - 2012-10-11 05:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 13:27 - 2013-08-13 11:02 - 00000000 ____D C:\Users\RichardS\Documents\THESIS
2013-09-15 08:19 - 2013-08-27 10:54 - 00001456 _____ C:\Users\RichardS\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-09-15 08:19 - 2013-08-27 09:55 - 00000000 ____D C:\Users\RichardS\Documents\PROTOTYPE
2013-09-14 21:40 - 2013-09-10 22:40 - 00000000 ____D C:\Users\RichardS\Documents\UE-Physics
2013-09-14 21:40 - 2011-02-11 06:48 - 00000000 ____D C:\Windows\Panther
2013-09-14 20:06 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:08 - 2013-09-14 09:08 - 00002067 _____ C:\Users\Public\Desktop\Remote PC Server.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00000000 ____D C:\Program Files (x86)\Remote PC Server 1.0.4
2013-09-13 18:49 - 2012-10-11 05:00 - 00000000 ___RD C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 18:46 - 2009-07-14 12:45 - 05065624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 18:38 - 2013-07-19 00:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 18:35 - 2012-12-29 12:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 17:01 - 2013-09-13 17:01 - 00002296 _____ C:\Users\SALVE\Desktop\AutoWarkey.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00002218 _____ C:\Users\SALVE\Desktop\Warkeys.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00000991 _____ C:\Users\SALVE\Desktop\Warkeys Help.lnk
2013-09-10 22:51 - 2013-09-10 22:26 - 00000000 ____D C:\Users\RichardS\Documents\UE-Opsys
2013-09-10 22:49 - 2013-09-10 22:49 - 00000000 ____D C:\Users\RichardS\Documents\UE-Hasop
2013-09-10 22:42 - 2013-03-19 12:27 - 00000000 ____D C:\Users\RichardS\Documents\UE-C sharp
2013-09-10 22:41 - 2013-09-10 22:38 - 00000000 ____D C:\Users\RichardS\Documents\UE-Dbms
2013-09-10 17:48 - 2013-09-10 17:48 - 00000000 ____D C:\ProgramData\Steam
2013-09-10 17:48 - 2013-04-02 02:30 - 00000000 ____D C:\Users\RichardS\Documents\CAPCOM
2013-09-10 17:23 - 2013-09-10 16:20 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\Documents\Red Alert 3 Uprising
2013-09-09 22:32 - 2013-09-09 18:56 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Red Alert 3 Uprising
2013-09-09 18:46 - 2013-08-19 18:17 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-09-09 18:16 - 2013-09-09 18:16 - 00003138 _____ C:\Windows\System32\Tasks\{3302051F-5549-42DC-9157-66B7AA4470F5}
 
Some content of TEMP:
====================
C:\Users\RichardS\AppData\Local\Temp\GLF18D3.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF25A0.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF7A82.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF7E1B.EXE
C:\Users\SALVE\AppData\Local\Temp\{F2991848-A4D9-4744-8544-09D5BA4C312D}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {51a65159-c511-11e1-9dda-e781ee3c2983}
                        {51a6515a-c511-11e1-9dda-e781ee3c2983}
                        {51a6515b-c511-11e1-9dda-e781ee3c2983}
                        {bootmgr}
                        {45ce28c9-f8ea-11e1-a866-806e6f6e6963}
                        {45ce28c8-f8ea-11e1-a866-806e6f6e6963}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {e58fed3e-f8c8-11e1-b29f-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {45ce28c8-f8ea-11e1-a866-806e6f6e6963}
description             CD/DVD Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {45ce28c9-f8ea-11e1-a866-806e6f6e6963}
description             Hard Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {51a65159-c511-11e1-9dda-e781ee3c2983}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
 
Firmware Application (101fffff)
-------------------------------
identifier              {51a6515a-c511-11e1-9dda-e781ee3c2983}
description             Windows Boot Manager
 
Firmware Application (101fffff)
-------------------------------
identifier              {51a6515b-c511-11e1-9dda-e781ee3c2983}
description             Windows Boot Manager
 
Windows Boot Loader
-------------------
identifier              {51a6515d-c511-11e1-9dda-e781ee3c2983}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
osdevice                unknown
systemroot              \Windows
resumeobject            {51a6515c-c511-11e1-9dda-e781ee3c2983}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 7 Home Premium (recovered) 
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e58fed3e-f8c8-11e1-b29f-806e6f6e6963}
 
Resume from Hibernate
---------------------
identifier              {51a6515c-c511-11e1-9dda-e781ee3c2983}
device                  unknown
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {e58fed3e-f8c8-11e1-b29f-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows 7 Home Premium (recovered) 
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by RichardS (administrator) on GEL on 09-10-2013 18:35:12
Running from C:\Users\RichardS\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Rozky) C:\Program Files (x86)\Remote PC Server 1.0.4\Remote PC Server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [] -  [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [kpcgrhynko] - C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs [167773 2013-08-17] ()
MountPoints2: {4f8d6960-530d-11e2-bb1c-30f9edeed481} - E:\AutoRun.exe
MountPoints2: {4f8d6966-530d-11e2-bb1c-30f9edeed481} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-23] (Intel Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={9320909B-7EA0-45AB-813B-69F9DFA83306}&serpv=5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sony.ca
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {559BACC0-783D-4054-852E-85C8F8FA5060} URL = http://search.us.com/serp?guid={5B4DD82A-1A80-4357-9DEA-E852E6B0ABBB}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
SearchScopes: HKCU - {F92404BC-893D-4D49-A276-0DCCCAD2CC09} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7720B186-DB72-41C2-8BFA-0409BDFE7D89}: [NameServer]202.138.128.50 202.138.128.54
 
FireFox:
========
FF ProfilePath: C:\Users\RichardS\AppData\Roaming\Mozilla\Firefox\Profiles\wt0rsjfd.default
FF user.js: detected! => C:\Users\RichardS\AppData\Roaming\Mozilla\Firefox\Profiles\wt0rsjfd.default\user.js
FF NewTab: file:///C:\\Users\\RichardS\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: Search.us
FF Homepage: hxxp://start.search.us.com/v/2/?guid={9320909B-7EA0-45AB-813B-69F9DFA83306}&serpv=5
FF Keyword.URL: hxxp://search.us.com/serp?guid={5B4DD82A-1A80-4357-9DEA-E852E6B0ABBB}&action=default_search&serpv=5&k=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\RichardS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\RichardS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\RichardS\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\RichardS\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR HomePage: hxxp://sony.msn.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.445_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.445_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.445_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\RichardS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autorun CDROM Monitor; C:\Windows\SysWow64\SupportAppXL\cdrom_mon.exe [81920 2009-10-11] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2011-04-24] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-22] (Sony Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2011-04-24] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-12-01] (Sony Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-30] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 rimssne; C:\Windows\System32\DRIVERS\rimssne64.sys [102912 2012-02-24] (REDC)
R2 risdsnxc; C:\Windows\System32\DRIVERS\risdsnxc64.sys [104448 2012-02-23] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-07] ()
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-09 18:28 - 2013-10-09 18:28 - 00008584 _____ C:\UsbFix [Listing 1 ] GEL.txt
2013-10-09 18:22 - 2013-10-09 18:23 - 00003161 _____ C:\UsbFix [Scan 3] GEL.txt
2013-10-09 18:06 - 2013-10-09 18:07 - 00039125 _____ C:\Users\RichardS\Downloads\Addition.txt
2013-10-09 18:05 - 2013-10-09 18:05 - 00000000 ____D C:\FRST
2013-10-09 18:00 - 2013-10-09 18:23 - 00002110 _____ C:\Users\RichardS\Desktop\SosVirus On Facebook.lnk
2013-10-09 18:00 - 2013-10-09 18:23 - 00002102 _____ C:\Users\RichardS\Desktop\UsbFix Faire un Don.lnk
2013-10-09 18:00 - 2013-10-09 18:23 - 00002086 _____ C:\Users\RichardS\Desktop\SosVirus Forum.lnk
2013-10-09 17:49 - 2013-10-09 18:28 - 00000000 ____D C:\UsbFix
2013-10-09 17:48 - 2013-10-09 17:49 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\RichardS\Downloads\UsbFix (1).exe
2013-10-08 18:31 - 2013-10-08 18:32 - 01954124 _____ (Farbar) C:\Users\RichardS\Downloads\FRST64.exe
2013-10-08 18:16 - 2013-10-08 18:16 - 00657408 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50475.msi
2013-10-08 18:16 - 2013-10-08 18:16 - 00655360 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50471.msi
2013-10-08 17:58 - 2013-10-08 17:58 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 17:58 - 2013-10-08 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 17:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-08 17:48 - 2013-10-08 17:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RichardS\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-07 22:37 - 2011-01-01 00:13 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\iolo
2013-10-07 18:03 - 2013-10-08 23:31 - 01881576 _____ C:\Users\RichardS\AppData\Roaming\ICARE.LOG
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Malwarebytes
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-07 18:01 - 2010-05-13 14:53 - 00047104 _____ (Inside Core) C:\Users\RichardS\Desktop\AutoRunExterminator.exe
2013-10-07 17:57 - 2013-10-07 17:57 - 00017028 _____ C:\Users\RichardS\Downloads\AutoRunExterminator-1.8.zip
2013-10-07 04:26 - 2013-08-17 23:16 - 00167773 ___SH C:\Users\RichardS\AppData\Roaming\kpcgrhynko..vbs
2013-10-06 23:09 - 2013-10-09 18:10 - 00000896 _____ C:\Windows\setupact.log
2013-10-06 23:09 - 2013-10-06 23:09 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\RichardS\Documents\New folder
2013-10-06 18:08 - 2013-10-06 19:21 - 589458084 _____ C:\Users\RichardS\Downloads\Insidious_Chapter_2_2013_CAM_X264-PLAYNOW.flv.mp4
2013-10-04 18:20 - 2013-10-04 18:20 - 00003126 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2013-10-04 18:19 - 2013-10-04 18:20 - 00000023 _____ C:\Windows\Model.txt
2013-10-04 18:04 - 2013-10-04 18:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-04 18:03 - 2013-10-04 05:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 18:03 - 2013-10-04 05:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-29 07:37 - 2013-09-29 07:37 - 00000000 ____D C:\Users\RichardS\Documents\VideoPad Projects
2013-09-29 07:29 - 2013-10-07 17:59 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-17 21:44 - 2013-09-17 21:44 - 00000000 ____D C:\SAVE
2013-09-17 21:43 - 2013-09-17 21:47 - 00001904 _____ C:\Users\RichardS\Desktop\Counter-Strike.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00001774 _____ C:\Users\SALVE\Desktop\Half-Life.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00000103 _____ C:\Windows\sierra.ini
2013-09-17 21:41 - 2013-09-17 21:41 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-17 21:41 - 2001-07-31 10:55 - 00217088 _____ C:\Windows\SysWOW64\libmySQL.dll
2013-09-17 21:40 - 2013-09-17 21:40 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 21:37 - 2013-09-17 21:37 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\PowerISO
2013-09-17 21:36 - 2013-09-17 21:36 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-09-17 21:33 - 2013-09-17 21:33 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
2013-09-17 21:33 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2013-09-17 21:32 - 2013-09-17 21:43 - 00001870 _____ C:\Users\SALVE\Desktop\Counter-Strike.lnk
2013-09-17 21:32 - 2013-09-17 21:43 - 00001159 _____ C:\Users\SALVE\Desktop\Counter-Strike Manual.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00002067 _____ C:\Users\Public\Desktop\Remote PC Server.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00000000 ____D C:\Program Files (x86)\Remote PC Server 1.0.4
2013-09-13 18:38 - 2013-08-10 13:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 18:38 - 2013-08-10 13:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 18:38 - 2013-08-10 13:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 18:38 - 2013-08-10 13:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 18:38 - 2013-08-10 13:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 18:38 - 2013-08-10 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 18:38 - 2013-08-10 13:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 18:38 - 2013-08-10 11:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 18:38 - 2013-08-10 11:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 18:38 - 2013-08-10 11:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 18:38 - 2013-08-10 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 18:38 - 2013-08-10 11:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 18:38 - 2013-08-10 10:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 18:38 - 2013-08-10 10:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 17:01 - 2013-09-13 17:01 - 00002296 _____ C:\Users\SALVE\Desktop\AutoWarkey.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00002218 _____ C:\Users\SALVE\Desktop\Warkeys.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00000991 _____ C:\Users\SALVE\Desktop\Warkeys Help.lnk
2013-09-13 16:32 - 2013-08-08 09:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 16:32 - 2013-08-05 10:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 16:32 - 2013-08-02 10:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 16:32 - 2013-08-02 10:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 16:32 - 2013-08-02 10:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 16:32 - 2013-08-02 10:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 16:32 - 2013-08-02 10:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 16:32 - 2013-08-02 10:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 16:32 - 2013-08-02 10:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 16:32 - 2013-08-02 09:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 16:32 - 2013-08-02 09:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 16:32 - 2013-08-02 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 09:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 16:32 - 2013-08-02 08:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 16:32 - 2013-08-02 08:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 16:32 - 2013-08-02 08:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 16:32 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 16:32 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 16:32 - 2013-07-26 10:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 16:32 - 2013-07-26 10:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 16:32 - 2013-07-26 09:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 16:32 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 22:49 - 2013-09-10 22:49 - 00000000 ____D C:\Users\RichardS\Documents\UE-Hasop
2013-09-10 22:40 - 2013-09-14 21:40 - 00000000 ____D C:\Users\RichardS\Documents\UE-Physics
2013-09-10 22:38 - 2013-09-10 22:41 - 00000000 ____D C:\Users\RichardS\Documents\UE-Dbms
2013-09-10 22:35 - 2011-01-01 00:04 - 00000000 ____D C:\Users\RichardS\Documents\UE-Others
2013-09-10 22:26 - 2013-09-10 22:51 - 00000000 ____D C:\Users\RichardS\Documents\UE-Opsys
2013-09-10 22:25 - 2013-10-05 16:04 - 00000000 ____D C:\Users\RichardS\Documents\UE-English
2013-09-10 22:25 - 2011-01-01 00:07 - 00000000 ____D C:\Users\RichardS\Documents\UE-Coarc
2013-09-10 22:24 - 2011-01-01 00:08 - 00000000 ____D C:\Users\RichardS\Documents\UE-Sweng
2013-09-10 17:48 - 2013-09-10 17:48 - 00000000 ____D C:\ProgramData\Steam
2013-09-10 16:20 - 2013-09-10 17:23 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\Documents\Red Alert 3 Uprising
2013-09-09 18:56 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Red Alert 3 Uprising
2013-09-09 18:16 - 2013-09-09 18:16 - 00003138 _____ C:\Windows\System32\Tasks\{3302051F-5549-42DC-9157-66B7AA4470F5}
 
==================== One Month Modified Files and Folders =======
 
2013-10-09 18:28 - 2013-10-09 18:28 - 00008584 _____ C:\UsbFix [Listing 1 ] GEL.txt
2013-10-09 18:28 - 2013-10-09 17:49 - 00000000 ____D C:\UsbFix
2013-10-09 18:27 - 2012-12-12 16:45 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 18:23 - 2013-10-09 18:22 - 00003161 _____ C:\UsbFix [Scan 3] GEL.txt
2013-10-09 18:23 - 2013-10-09 18:00 - 00002110 _____ C:\Users\RichardS\Desktop\SosVirus On Facebook.lnk
2013-10-09 18:23 - 2013-10-09 18:00 - 00002102 _____ C:\Users\RichardS\Desktop\UsbFix Faire un Don.lnk
2013-10-09 18:23 - 2013-10-09 18:00 - 00002086 _____ C:\Users\RichardS\Desktop\SosVirus Forum.lnk
2013-10-09 18:19 - 2009-07-14 12:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:19 - 2009-07-14 12:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 18:16 - 2013-08-13 07:25 - 01485514 _____ C:\Windows\WindowsUpdate.log
2013-10-09 18:12 - 2013-01-31 10:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-09 18:11 - 2013-08-28 16:00 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_RichardS
2013-10-09 18:11 - 2012-12-12 16:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 18:10 - 2013-10-06 23:09 - 00000896 _____ C:\Windows\setupact.log
2013-10-09 18:10 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 18:07 - 2013-10-09 18:06 - 00039125 _____ C:\Users\RichardS\Downloads\Addition.txt
2013-10-09 18:05 - 2013-10-09 18:05 - 00000000 ____D C:\FRST
2013-10-09 18:04 - 2009-07-14 13:13 - 00933982 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 18:03 - 2013-02-20 13:35 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job
2013-10-09 17:58 - 2012-07-03 21:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 17:49 - 2013-10-09 17:48 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\RichardS\Downloads\UsbFix (1).exe
2013-10-09 16:09 - 2013-07-07 19:04 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job
2013-10-08 23:31 - 2013-10-07 18:03 - 01881576 _____ C:\Users\RichardS\AppData\Roaming\ICARE.LOG
2013-10-08 20:04 - 2013-02-20 13:35 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job
2013-10-08 19:30 - 2012-12-20 13:15 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\vlc
2013-10-08 19:11 - 2013-07-07 19:04 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job
2013-10-08 18:32 - 2013-10-08 18:31 - 01954124 _____ (Farbar) C:\Users\RichardS\Downloads\FRST64.exe
2013-10-08 18:16 - 2013-10-08 18:16 - 00657408 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50475.msi
2013-10-08 18:16 - 2013-10-08 18:16 - 00655360 _____ C:\Users\RichardS\Downloads\MicrosoftFixit50471.msi
2013-10-08 17:58 - 2013-10-08 17:58 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 17:58 - 2013-10-08 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 17:50 - 2013-10-08 17:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RichardS\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-08 17:44 - 2013-01-31 11:03 - 00000000 ____D C:\Users\RichardS\AppData\Local\Adobe
2013-10-08 17:41 - 2013-01-31 10:54 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-07 21:25 - 2013-08-13 18:16 - 00000000 ____D C:\Users\RichardS\AppData\Local\TNT2
2013-10-07 19:36 - 2012-12-15 07:20 - 00000000 ____D C:\Program Files\Starcraft
2013-10-07 19:36 - 2012-12-15 07:19 - 00000000 ____D C:\Program Files\Warcraft III
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Malwarebytes
2013-10-07 18:02 - 2013-10-07 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-07 18:01 - 2012-07-03 21:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-07 18:01 - 2012-07-03 21:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 18:01 - 2012-07-03 21:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 17:59 - 2013-09-29 07:29 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-10-07 17:57 - 2013-10-07 17:57 - 00017028 _____ C:\Users\RichardS\Downloads\AutoRunExterminator-1.8.zip
2013-10-07 04:26 - 2012-10-11 05:00 - 00000000 ___RD C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 23:09 - 2013-10-06 23:09 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 19:21 - 2013-10-06 18:08 - 589458084 _____ C:\Users\RichardS\Downloads\Insidious_Chapter_2_2013_CAM_X264-PLAYNOW.flv.mp4
2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\RichardS\Documents\New folder
2013-10-06 14:14 - 2013-07-03 15:21 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Mozilla
2013-10-05 17:01 - 2012-12-28 12:41 - 00000000 ____D C:\Users\RichardS\Documents\MOVIES
2013-10-05 16:04 - 2013-09-10 22:25 - 00000000 ____D C:\Users\RichardS\Documents\UE-English
2013-10-04 18:20 - 2013-10-04 18:20 - 00003126 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2013-10-04 18:20 - 2013-10-04 18:19 - 00000023 _____ C:\Windows\Model.txt
2013-10-04 18:05 - 2012-12-20 13:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-04 18:05 - 2012-07-03 22:18 - 00000000 ____D C:\ProgramData\Skype
2013-10-04 18:04 - 2013-10-04 18:04 - 00000000 ____D C:\ProgramData\Oracle
2013-10-04 05:59 - 2013-10-04 18:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 05:59 - 2013-10-04 18:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 05:59 - 2013-04-06 23:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-04 05:59 - 2013-01-19 12:33 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 05:59 - 2012-07-03 21:04 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-01 23:23 - 2012-12-20 15:53 - 00000000 ___RD C:\Users\SALVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 23:23 - 2012-12-20 15:53 - 00000000 ___RD C:\Users\SALVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-29 07:37 - 2013-09-29 07:37 - 00000000 ____D C:\Users\RichardS\Documents\VideoPad Projects
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\NCH Software
2013-09-29 07:29 - 2013-09-29 07:29 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-17 21:47 - 2013-09-17 21:43 - 00001904 _____ C:\Users\RichardS\Desktop\Counter-Strike.lnk
2013-09-17 21:44 - 2013-09-17 21:44 - 00000000 ____D C:\SAVE
2013-09-17 21:43 - 2013-09-17 21:32 - 00001870 _____ C:\Users\SALVE\Desktop\Counter-Strike.lnk
2013-09-17 21:43 - 2013-09-17 21:32 - 00001159 _____ C:\Users\SALVE\Desktop\Counter-Strike Manual.lnk
2013-09-17 21:43 - 2012-12-15 07:26 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 21:41 - 2013-09-17 21:41 - 00001774 _____ C:\Users\SALVE\Desktop\Half-Life.lnk
2013-09-17 21:41 - 2013-09-17 21:41 - 00000103 _____ C:\Windows\sierra.ini
2013-09-17 21:41 - 2013-09-17 21:41 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-17 21:40 - 2013-09-17 21:40 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 21:37 - 2013-09-17 21:37 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\PowerISO
2013-09-17 21:36 - 2013-09-17 21:36 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-09-17 21:36 - 2013-07-18 11:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-17 21:36 - 2012-07-03 21:55 - 00000000 ____D C:\ProgramData\Adobe
2013-09-17 21:33 - 2013-09-17 21:33 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
2013-09-15 17:05 - 2012-10-11 05:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 13:27 - 2013-08-13 11:02 - 00000000 ____D C:\Users\RichardS\Documents\THESIS
2013-09-15 08:19 - 2013-08-27 10:54 - 00001456 _____ C:\Users\RichardS\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-09-15 08:19 - 2013-08-27 09:55 - 00000000 ____D C:\Users\RichardS\Documents\PROTOTYPE
2013-09-14 21:40 - 2013-09-10 22:40 - 00000000 ____D C:\Users\RichardS\Documents\UE-Physics
2013-09-14 21:40 - 2011-02-11 06:48 - 00000000 ____D C:\Windows\Panther
2013-09-14 20:06 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:08 - 2013-09-14 09:08 - 00002067 _____ C:\Users\Public\Desktop\Remote PC Server.lnk
2013-09-14 09:08 - 2013-09-14 09:08 - 00000000 ____D C:\Program Files (x86)\Remote PC Server 1.0.4
2013-09-13 18:49 - 2012-10-11 05:00 - 00000000 ___RD C:\Users\RichardS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 18:46 - 2009-07-14 12:45 - 05065624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 18:38 - 2013-07-19 00:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 18:35 - 2012-12-29 12:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 17:01 - 2013-09-13 17:01 - 00002296 _____ C:\Users\SALVE\Desktop\AutoWarkey.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00002218 _____ C:\Users\SALVE\Desktop\Warkeys.lnk
2013-09-13 17:01 - 2013-09-13 17:01 - 00000991 _____ C:\Users\SALVE\Desktop\Warkeys Help.lnk
2013-09-10 22:51 - 2013-09-10 22:26 - 00000000 ____D C:\Users\RichardS\Documents\UE-Opsys
2013-09-10 22:49 - 2013-09-10 22:49 - 00000000 ____D C:\Users\RichardS\Documents\UE-Hasop
2013-09-10 22:42 - 2013-03-19 12:27 - 00000000 ____D C:\Users\RichardS\Documents\UE-C sharp
2013-09-10 22:41 - 2013-09-10 22:38 - 00000000 ____D C:\Users\RichardS\Documents\UE-Dbms
2013-09-10 17:48 - 2013-09-10 17:48 - 00000000 ____D C:\ProgramData\Steam
2013-09-10 17:48 - 2013-04-02 02:30 - 00000000 ____D C:\Users\RichardS\Documents\CAPCOM
2013-09-10 17:23 - 2013-09-10 16:20 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\RichardS\Documents\Red Alert 3 Uprising
2013-09-09 22:32 - 2013-09-09 18:56 - 00000000 ____D C:\Users\RichardS\AppData\Roaming\Red Alert 3 Uprising
2013-09-09 18:46 - 2013-08-19 18:17 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-09-09 18:16 - 2013-09-09 18:16 - 00003138 _____ C:\Windows\System32\Tasks\{3302051F-5549-42DC-9157-66B7AA4470F5}
 
Some content of TEMP:
====================
C:\Users\RichardS\AppData\Local\Temp\GLF18D3.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF25A0.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF7A82.EXE
C:\Users\RichardS\AppData\Local\Temp\GLF7E1B.EXE
C:\Users\SALVE\AppData\Local\Temp\{F2991848-A4D9-4744-8544-09D5BA4C312D}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {51a65159-c511-11e1-9dda-e781ee3c2983}
                        {51a6515a-c511-11e1-9dda-e781ee3c2983}
                        {51a6515b-c511-11e1-9dda-e781ee3c2983}
                        {bootmgr}
                        {45ce28c9-f8ea-11e1-a866-806e6f6e6963}
                        {45ce28c8-f8ea-11e1-a866-806e6f6e6963}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {e58fed3e-f8c8-11e1-b29f-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {45ce28c8-f8ea-11e1-a866-806e6f6e6963}
description             CD/DVD Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {45ce28c9-f8ea-11e1-a866-806e6f6e6963}
description             Hard Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {51a65159-c511-11e1-9dda-e781ee3c2983}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
 
Firmware Application (101fffff)
-------------------------------
identifier              {51a6515a-c511-11e1-9dda-e781ee3c2983}
description             Windows Boot Manager
 
Firmware Application (101fffff)
-------------------------------
identifier              {51a6515b-c511-11e1-9dda-e781ee3c2983}
description             Windows Boot Manager
 
Windows Boot Loader
-------------------
identifier              {51a6515d-c511-11e1-9dda-e781ee3c2983}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
osdevice                unknown
systemroot              \Windows
resumeobject            {51a6515c-c511-11e1-9dda-e781ee3c2983}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 7 Home Premium (recovered) 
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e58fed3e-f8c8-11e1-b29f-806e6f6e6963}
 
Resume from Hibernate
---------------------
identifier              {51a6515c-c511-11e1-9dda-e781ee3c2983}
device                  unknown
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {e58fed3e-f8c8-11e1-b29f-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows 7 Home Premium (recovered) 
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
 
LastRegBack: 2013-09-24 19:18
 
==================== End Of Log ============================
 
 


#4 bulex

Posted 09 October 2013 - 05:43 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by RichardS at 2013-10-09 18:06:39
Running from C:\Users\RichardS\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.1.30017)
ACID Music Studio 8.0 (x32 Version: 8.0.178)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Android SDK Tools (x32 Version: 1.16)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.161)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.457)
Arduino (x32 Version: 1.0.5)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
AviSynth 2.5 (x32)
Bing Bar (x32 Version: 7.2.241.0)
CCleaner (Version: 4.06)
Chikka Messenger (HKCU)
Command & Conquer Generals (x32 Version: 0.50.0000)
Command & Conquer™ Red Alert™ 3 (x32 Version: 1.0.1.0)
Command & Conquer™ Red Alert™ 3 Uprising (x32 Version: 1.0.1.0)
Content Transfer (x32 Version: 1.3.0.23190)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
CyberLink PowerDVD (x32 Version: 9.0.5009.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dolby Home Theater v4 (x32 Version: 7.2.7000.6)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
DVD Architect Studio 5.0 (x32 Version: 5.0.157)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904)
EZ-Builder (x32 Version: 13.07.29)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FDUx86 (x32 Version: 1.0.0)
Foxit Reader (x32 Version: 6.0.6.722)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Garena - Heroes of Newerth (x32 Version: 2011)
Garena Plus (x32 Version: 2011)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (64-bit) (Version: 10.50.1617.0)
GlassFish Server Open Source Edition 3.1.2.2 (x32)
Google Chrome (x32 Version: 30.0.1599.69)
Google Talk Plugin (x32 Version: 4.7.0.15362)
Google Update Helper (x32 Version: 1.3.21.153)
Half-Life (x32)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2618)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.0.0.0083)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.0.0.0086)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® WiDi (x32 Version: 3.0.13.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Internet Download Manager (x32)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java SE Development Kit 7 Update 17 (x32 Version: 1.7.0.170)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KUx86 (x32 Version: 1.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Gallery (Version: 2.1.0.13300)
Media Go (x32 Version: 2.0.317)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Games for Windows - LIVE  (x32 Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.687.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1 (x32)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Books Online (x32 Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1617.0)
Microsoft SQL Server 2008 R2 Policies (x32 Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1617.0)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (x32 Version: 10.50.1600.1)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (x32 Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.35191)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NetBeans IDE 7.2.1 (Version: 7.2.1)
NetBeans IDE 7.3 (x32 Version: 7.3)
Notepad++ (x32 Version: 6.3)
PDF Settings CS6 (x32 Version: 11.0)
PlayMemories Home (x32 Version: 6.1.01.14210)
PlayStation®Network Downloader (x32 Version: 2.07.00849)
PlayStation®Store (x32 Version: 4.5.15.13232)
POD-Bot 2.5 (x32)
PowerISO (x32 Version: 5.5)
PSP Video 9 6 (x32 Version: 6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6573)
Remote Keyboard (x32 Version: 1.2.0.09270)
Remote PC Server (x32 Version: 1.0.4)
Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090)
RESIDENT EVIL 5 (x32 Version: 1.0.0.129)
Resident Evil 6 (x32 Version: 1.0.0.0)
Skype Click to Call (x32 Version: 6.12.13601)
Skype™ 6.6 (x32 Version: 6.6.106)
SMART BRO (x32 Version: 1.0.0.0)
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176)
SQL Server 2008 R2 Analysis Services (Version: 10.50.1600.1)
SQL Server 2008 R2 BI Development Studio (Version: 10.50.1600.1)
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
SQL Server 2008 R2 Full text search (Version: 10.50.1600.1)
SQL Server 2008 R2 Integration Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1)
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SSLx64 (Version: 1.0.0)
SSLx86 (x32 Version: 1.0.0)
Sun Broadband Wireless (x32 Version: 11.002.03.08.256)
Synaptics Pointing Device Driver (Version: 15.3.44.1)
TrackID™ with BRAVIA (x32 Version: 1.2.0.09270)
TriDef 3D (Sony) 2.0.5 (x32 Version: 2.0.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
UsbFix By El Desaparecido (x32)
V3DPx86 (x32 Version: 1.0.0)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (Version: 1.0.00.01300)
VAIO - PlayMemories Home Plug-in (Version: 2.0.00.14200)
VAIO - Remote Keyboard (x32 Version: 1.2.0.09270)
VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090)
VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270)
VAIO 3D Portal (x32 Version: 1.2.0.10131)
VAIO Care (Version: 7.3.0.14170)
VAIO Control Center (x32 Version: 5.2.0.14230)
VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190)
VAIO Easy Connect (x32 Version: 1.1.2.01120)
VAIO Gate (x32 Version: 2.4.1.09230)
VAIO Gate Default (x32 Version: 2.5.2.02090)
VAIO Gesture Control (x32 Version: 1.0.0.12300)
VAIO Help and Support (x32 Version: 17.00.0109)
VAIO Improvement (x32 Version: 1.3.0.12280)
VAIO Manual (x32 Version: 2.3.0.12300)
VAIO OOBE (x32 Version: 12.2.1.2483)
VAIO Sample Contents (x32 Version: 1.4.0.09010)
VAIO Satisfaction Survey. (x32 Version: 3.0)
VAIO Smart Network (x32 Version: 3.11.0.13150)
VAIO Transfer Support (x32 Version: 1.7.1.06040)
VAIO Update (x32 Version: 5.7.0.13130)
VAIO Update Merge Module x64 (Version: 5.7.13130)
VCCx64 (Version: 1.0.0)
VCCx86 (x32 Version: 1.0.0)
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256)
VHD (x32 Version: 1.0.0)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
VIx64 (Version: 1.0.0)
VIx86 (x32 Version: 1.0.0)
VLC media player 2.1.0 (x32 Version: 2.1.0)
VMLx86 (x32 Version: 1.0.0)
VPMx64 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VSNx86 (x32 Version: 1.0.0)
VSSTx64 (Version: 1.0.0)
VSSTx86 (x32 Version: 1.0.0)
VU5x64 (Version: 1.0.0)
VU5x86 (x32 Version: 1.0.0)
VWSTx86 (x32 Version: 1.0.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR archiver (x32)
XAMPP 1.8.1 (x32)
Yahoo! Messenger (x32)
 
==================== Restore Points  =========================
 
08-10-2013 09:45:12 Windows Update
09-10-2013 09:30:23 Installed Microsoft Fix it 50471
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2013-07-18 13:15 - 00001028 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0FC1C17F-D39C-4D68-81B1-BCC555AB09ED} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {12BDE9B7-D4BB-46DF-BBFE-C1EBD97836EA} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {15156C4F-3F6B-4135-985D-435E86B94FD6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-28] (Sony Corporation)
Task: {1D65AE7D-5A62-423D-B2C4-ABB755AF9497} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {1E9DDFF1-6414-41F2-A28E-716A15578980} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {23A5CE10-8CC2-47D2-8533-636FF3C7B7ED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core => C:\Users\RichardS\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {25F391C4-D106-41A4-A608-7168FFFA4828} - System32\Tasks\AdobeAAMUpdater-1.0-GEL-RichardS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {53C4B042-5E7D-4FA5-9585-73F4DA2BEDDC} - System32\Tasks\{B354326E-0E50-4625-BC06-0C4037D65C49} => C:\Users\RichardS\Desktop\Dolphin1\Dolphin.exe
Task: {5D03CE47-E281-44DC-9091-A8EA5C15F2FB} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-11] (Sony Corporation)
Task: {61470A9A-EED0-42FC-AE36-2B73A71FB0D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {679CC90C-E6EC-44DF-B18B-E75A5D1DBC1B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-28] (Sony Corporation)
Task: {6F34846D-80F1-464A-82C6-7BDC025D5613} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-24] (Sony Corporation)
Task: {73BB54DB-94BA-48D3-AB1D-5C46FBA3F744} - System32\Tasks\gg_uac_daemon_RichardS => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {8F14C232-98B7-4CC3-A5F3-ACA4163C38F9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-28] (Sony Corporation)
Task: {8FDB796A-0DF4-4415-8EFC-8B5C652DD37F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12] (Google Inc.)
Task: {AD4A0411-2771-4B7C-84ED-DA405C7E1A8E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-24] (Sony Corporation)
Task: {AF825C40-AA1E-4CA9-8E0B-5DD212E7B57F} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Windows\System32\net
Task: {AFF0AF79-B66E-44EC-B253-FA55DD0D9AA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {B3A0254A-B9F9-48A3-96BA-6C05DDD3B782} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {B80AB257-C4BF-45D7-810B-44DDDAFD7487} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {C1097A7E-9096-4B2F-8578-94440F9C97D2} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-02-01] (Sony Corporation)
Task: {C416000C-5B04-4C68-AC51-74FFB11E91B6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core => C:\Users\RichardS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07] (Facebook Inc.)
Task: {C7A30E62-59FF-4984-98B4-637768789C52} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-11] (Sony Corporation)
Task: {C7F1C168-9894-4353-A984-51086879F4AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-07] (Adobe Systems Incorporated)
Task: {CB5B9E00-EA7B-49FD-87BB-6A3CA3519659} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-11] (Sony Corporation)
Task: {D08C1549-738C-4F23-AD1F-EC3BE3AB27B8} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-02-24] (Sony Corporation)
Task: {D155956A-40CA-40CC-8541-E0A49C502728} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-02-24] (Sony Corporation)
Task: {E593D03F-4FF8-4056-BA42-61A1AFD73985} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-28] (Sony Corporation)
Task: {E8F679ED-47CF-47C0-9567-728BEEC7E154} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-20] (Piriform Ltd)
Task: {EC09AE3C-2D9E-43D9-931B-2D2400729297} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA => C:\Users\RichardS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07] (Facebook Inc.)
Task: {F1F5CA57-1660-43EF-A90B-3F84BE63DEC5} - System32\Tasks\USER_ESRV_SVC => C:\Program Files\Sony\VAIO Care\esrv\task.vbs [2013-10-04] ()
Task: {F3890957-DF9A-457E-9714-A38778C46F69} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {FCFF29C1-E720-4FC3-86C6-79FD6809F602} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA => C:\Users\RichardS\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {FEB40A54-77D1-4361-8AFB-2D1B8D9A3930} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job => C:\Users\RichardS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job => C:\Users\RichardS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000Core.job => C:\Users\RichardS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618486259-1879759754-354466961-1000UA.job => C:\Users\RichardS\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-17 12:07 - 2011-03-17 12:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-18 23:24 - 2012-06-18 23:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-02-22 10:39 - 2012-02-22 00:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-23 07:30 - 2013-02-23 04:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-23 07:30 - 2013-02-23 04:02 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
2011-12-01 06:49 - 2011-12-01 06:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2013-10-09 17:27 - 2013-10-08 19:07 - 02105344 _____ () C:\Program Files\AVAST Software\Avast\defs\13100800\algo.dll
2012-11-08 19:28 - 2013-08-23 17:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2012-07-03 21:46 - 2012-02-24 05:35 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2011-03-17 12:11 - 2011-03-17 12:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-01-01 00:31 - 2013-10-03 14:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2011-01-01 00:31 - 2013-10-03 14:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
2011-01-01 00:31 - 2013-10-03 14:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
2011-01-01 00:31 - 2013-10-03 14:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2011-01-01 00:31 - 2013-10-03 14:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2011-01-01 00:31 - 2013-10-03 14:03 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
2013-08-26 17:04 - 2013-08-26 17:04 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fb5c42d5dec0349cb8710146b189cd6b\IsdiInterop.ni.dll
2012-07-03 20:38 - 2011-11-30 08:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-03 20:48 - 2012-02-23 10:12 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/09/2013 05:46:53 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (10/09/2013 05:46:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 05:41:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 05:33:24 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (10/09/2013 05:33:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 04:09:06 PM) (Source: Google Update) (User: GEL)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (10/09/2013 04:05:43 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (10/09/2013 04:05:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 06:55:21 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (10/09/2013 06:55:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/09/2013 05:54:25 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/09/2013 05:49:43 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/09/2013 05:49:42 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/09/2013 05:49:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/09/2013 05:49:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/09/2013 05:43:18 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
Error: (10/09/2013 05:41:24 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (10/09/2013 05:41:15 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/09/2013 05:41:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/09/2013 05:41:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/09/2013 05:46:53 PM) (Source: Report Server Windows Service (MSSQLSERVER))(User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (10/09/2013 05:46:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 05:41:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 05:33:24 PM) (Source: Report Server Windows Service (MSSQLSERVER))(User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (10/09/2013 05:33:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 04:09:06 PM) (Source: Google Update)(User: GEL)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (10/09/2013 04:05:43 PM) (Source: Report Server Windows Service (MSSQLSERVER))(User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (10/09/2013 04:05:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 06:55:21 AM) (Source: Report Server Windows Service (MSSQLSERVER))(User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (10/09/2013 06:55:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


#5 Aaflac

  • Malware Response Team

Posted 12 October 2013 - 11:32 PM

bulex,

 

Welcome to the BC forums!

Would appreciate your providing a link as to what instructions were used, to see what you did, and provide the logs posted.

 

Apparently the UsbFix Research option was run, but a great portion of the report is missing!

>> Need to post the entire report, please.

 

>> Also need to know if you stopped the Autorun feature by downloading and running the following:
Microsoft Fix It 50471:
http://support.microsoft.com/kb/967715

>> And last, also need to know if you went to Control Panel, selected Folder Options.
Clicked on the View tab in the Folder Options window.
In the Advanced settings: area, located the Hidden files and folders category.

Checked: Show hidden files, folders, and drives
Unchecked: Hide protected operating system files (Recommended)
Clicked Apply and OK at the bottom of the Folder Options window.

Thanks!


Old duck...




