Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 02
Ran by breda (administrator) on BREDA-5S48NJN9B (15-07-2016 01:20:37)
Running from C:\Documents and Settings\breda\My Documents\Downloads
Loaded Profiles: breda (Available Profiles: breda & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\breda\My Documents\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1614895754-1390067357-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6775512 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1614895754-1390067357-839522115-1004\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BB03C876-98CB-45E9-B8F2-E1789924D2ED}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-1390067357-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62
HKU\S-1-5-21-1614895754-1390067357-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-1390067357-839522115-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1614895754-1390067357-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354299807468
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} hxxp://www.pcpitstop.com/beta/av/PitPav.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2004-07-09] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\breda\Application Data\Mozilla\Firefox\Profiles\1ova0mot.default-1454694043093
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1614895754-1390067357-839522115-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\breda\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\breda\Application Data\Mozilla\Firefox\Profiles\1ova0mot.default-1454694043093\user.js [2016-02-15]
FF Extension: uBlock Origin - C:\Documents and Settings\breda\Application Data\Mozilla\Firefox\Profiles\1ova0mot.default-1454694043093\Extensions\uBlock0@raymondhill.net.xpi [2016-06-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-03] [not signed]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Profile: C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Google Docs) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-12-30]
CHR Extension: (YouTube) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Google Search) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Sheets) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Documents and Settings\breda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-09-04] (Oracle Corporation)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [5085688 2013-07-22] (INCA Internet Co., Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-09] (REALiX(tm))
R3 JAC97; C:\WINDOWS\System32\drivers\JAC97.sys [44032 2011-02-02] (Kontron) [File not signed]
S3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [150408 2015-12-06] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [44216 2015-12-06] (AO Kaspersky Lab)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 BLKWGU(Belkin); System32\DRIVERS\BLKWGU.sys [X]
S4 hpt3xx; no ImagePath
S1 KLIF; system32\DRIVERS\klif.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
U4 RemoteRegistry; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 senfilt; system32\drivers\senfilt.sys [X]
S3 smwdm; system32\drivers\smwdm.sys [X]
S3 XDva415; \??\C:\WINDOWS\system32\XDva415.sys [X]
S3 XDva423; \??\C:\WINDOWS\system32\XDva423.sys [X]
S3 XDva424; \??\C:\WINDOWS\system32\XDva424.sys [X]
S3 XDva425; \??\C:\WINDOWS\system32\XDva425.sys [X]
S3 XDva511; \??\C:\WINDOWS\system32\XDva511.sys [X]
S3 XDva513; \??\C:\WINDOWS\system32\XDva513.sys [X]
R3 XDva534; \??\C:\WINDOWS\system32\XDva534.sys [X]
S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-14 14:13 - 2016-07-14 14:13 - 00000653 _____ C:\Documents and Settings\breda\Desktop\FRST(1).exe.lnk
2016-07-14 03:48 - 2016-07-14 03:41 - 00000648 _____ C:\Documents and Settings\breda\My Documents\Search.txt.lnk
2016-07-14 03:35 - 2016-07-15 01:20 - 00000000 ____D C:\FRST
2016-07-14 03:27 - 2016-07-14 03:27 - 00000675 _____ C:\Documents and Settings\breda\Desktop\MiniToolBox.exe.lnk
2016-07-12 05:38 - 2016-07-12 06:00 - 00000000 ____D C:\Documents and Settings\breda\Application Data\IObit
2016-07-11 06:29 - 2016-07-11 06:29 - 00007500 _____ C:\Documents and Settings\breda\My Documents\cc_20160711_062921.reg
2016-07-11 06:25 - 2016-07-11 06:25 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-07-11 06:25 - 2016-07-11 06:25 - 00000000 ____D C:\Program Files\CCleaner
2016-07-11 06:25 - 2016-07-11 06:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2016-07-10 05:08 - 2012-06-05 08:37 - 00256904 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-07-07 21:59 - 2001-08-17 22:36 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\brmfcwia.dll
2016-07-07 21:59 - 2001-08-17 22:36 - 00041472 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfusb.dll
2016-07-07 21:59 - 2001-08-17 22:36 - 00032256 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfrsmg.exe
2016-07-07 21:59 - 2001-08-17 22:36 - 00029696 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmflpt.dll
2016-07-07 21:59 - 2001-08-17 22:36 - 00019456 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brbidiif.dll
2016-07-07 21:59 - 2001-08-17 22:36 - 00015360 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfbidi.dll
2016-07-07 21:59 - 2001-08-17 22:36 - 00012800 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brevif.dll
2016-07-07 21:59 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brcoinst.dll
2016-07-07 21:59 - 2001-08-17 13:12 - 00012160 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltlo.sys
2016-07-07 21:59 - 2001-08-17 13:12 - 00003968 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltup.sys
2016-07-07 21:59 - 2001-08-17 13:12 - 00002944 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brfilt.sys
2016-07-07 21:58 - 2008-04-14 00:16 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2016-07-07 21:58 - 2008-04-14 00:16 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2016-07-07 21:58 - 2008-04-14 00:06 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2016-07-07 21:58 - 2008-04-13 22:05 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2016-07-07 21:58 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2016-07-07 21:58 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2016-07-07 21:58 - 2001-08-17 22:36 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\binlsvc.dll
2016-07-07 21:58 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2016-07-07 21:58 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2016-07-07 21:58 - 2001-08-17 14:56 - 00342336 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2016-07-07 21:58 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2016-07-07 21:58 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2016-07-07 21:58 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2016-07-07 21:58 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2016-07-07 21:58 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2016-07-07 21:58 - 2001-08-17 14:07 - 00056960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78xx.sys
2016-07-07 21:58 - 2001-08-17 14:07 - 00055168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78u2.sys
2016-07-07 21:58 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2016-07-07 21:58 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2016-07-07 21:58 - 2001-08-17 13:52 - 00026496 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc.sys
2016-07-07 21:58 - 2001-08-17 13:52 - 00022400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asc3350p.sys
2016-07-07 21:58 - 2001-08-17 13:52 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aha154x.sys
2016-07-07 21:58 - 2001-08-17 13:52 - 00012032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\amsint.sys
2016-07-07 21:58 - 2001-08-17 13:51 - 00014848 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc3550.sys
2016-07-07 21:58 - 2001-08-17 13:51 - 00005248 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\aliide.sys
2016-07-07 21:58 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2016-07-07 21:58 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2016-07-07 21:58 - 2001-08-17 13:28 - 00871388 ____C (BCM) C:\WINDOWS\system32\dllcache\bcmdm.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00049920 ____C C:\WINDOWS\system32\dllcache\atirtcap.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00046464 ____C C:\WINDOWS\system32\dllcache\atibt829.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00026880 ____C C:\WINDOWS\system32\dllcache\atirtsnd.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00026624 ____C C:\WINDOWS\system32\dllcache\ativxbar.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00023552 ____C C:\WINDOWS\system32\dllcache\atixbar.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00019456 ____C C:\WINDOWS\system32\dllcache\ativttxx.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitvsnd.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitunep.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00010240 ____C C:\WINDOWS\system32\dllcache\atipcxxx.sys
2016-07-07 21:58 - 2001-08-17 12:49 - 00009472 ____C C:\WINDOWS\system32\dllcache\ativmdcd.sys
2016-07-07 21:58 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2016-07-07 21:58 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2016-07-07 21:58 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2016-07-07 21:58 - 2001-08-17 12:48 - 00036128 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2016-07-07 21:58 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2016-07-07 21:58 - 2001-08-17 12:13 - 00089952 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2016-07-07 21:58 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2016-07-07 21:58 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2016-07-07 21:58 - 2001-08-17 12:11 - 00066557 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42u.sys
2016-07-07 21:58 - 2001-08-17 12:11 - 00054271 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2016-07-07 21:58 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2016-07-07 21:58 - 2001-08-17 12:11 - 00026568 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm4e5.sys
2016-07-07 21:58 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2016-07-07 21:57 - 2008-04-14 00:16 - 00053376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2016-07-07 21:57 - 2008-04-14 00:16 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2016-07-07 21:57 - 2008-04-14 00:10 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2016-07-07 21:57 - 2008-04-13 22:06 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2016-07-07 21:57 - 2008-04-13 22:06 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2016-07-07 21:57 - 2008-04-13 22:06 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2016-07-07 21:57 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2016-07-07 21:57 - 2001-08-17 22:36 - 00098304 ____C (Aureal Semiconductor) C:\WINDOWS\system32\dllcache\a3d.dll
2016-07-07 21:57 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2016-07-07 21:57 - 2001-08-17 14:56 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2016-07-07 21:57 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2016-07-07 21:57 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2016-07-07 21:57 - 2001-08-17 14:07 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adpu160m.sys
2016-07-07 21:57 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2016-07-07 21:57 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2016-07-07 21:57 - 2001-08-17 13:52 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\abp480n5.sys
2016-07-07 21:57 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2016-07-07 21:57 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2016-07-07 21:57 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2016-07-07 21:57 - 2001-08-17 12:20 - 00096256 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2016-07-07 21:57 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2016-07-07 21:57 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2016-07-07 21:57 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2016-07-07 21:57 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2016-07-07 21:57 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2016-07-07 04:15 - 2016-07-07 04:15 - 00000000 ____D C:\Documents and Settings\breda\Application Data\KSafe
2016-07-07 04:15 - 2016-07-07 04:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\KSafe
2016-07-01 18:58 - 2016-07-14 21:02 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-26 21:57 - 2016-06-26 21:57 - 00000000 ____D C:\KVRT_Data
2016-06-26 21:42 - 2015-12-06 01:12 - 00150408 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-06-26 21:42 - 2015-12-06 01:12 - 00044216 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-06-26 21:41 - 2016-06-26 21:41 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2016-06-26 21:30 - 2016-06-26 21:30 - 00001090 _____ C:\Documents and Settings\breda\Desktop\Shortcut to BlueScreenView.exe (2).lnk
2016-06-24 12:04 - 2016-06-24 12:04 - 00000000 ____D C:\Program Files\Analog Devices
2016-06-24 12:04 - 2004-09-23 07:55 - 00311296 _____ (Analog Devices Incorporated) C:\WINDOWS\system32\Edcrypt.dll
2016-06-22 17:40 - 2016-06-22 23:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-22 04:10 - 2016-06-22 04:10 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-22 04:10 - 2016-06-22 04:10 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-06-22 03:54 - 2016-06-22 03:54 - 00000000 ____D C:\Documents and Settings\breda\Start Menu\Programs\SpeedFan
2016-06-22 03:38 - 2016-06-22 03:54 - 00000000 ____D C:\Program Files\Mozilla Firefox(2)
2016-06-22 02:54 - 2016-06-22 03:37 - 00000000 ____D C:\Program Files\Dell Support Center
2016-06-22 02:54 - 2016-06-22 02:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2016-06-22 02:53 - 2016-06-22 02:53 - 00000000 ____D C:\Program Files\Dell
2016-06-22 02:52 - 2016-06-22 02:55 - 00000000 ____D C:\Documents and Settings\breda\Application Data\PCDr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 01:20 - 2012-11-29 18:45 - 00000000 ____D C:\Documents and Settings\breda\Local Settings\Temp
2016-07-15 01:08 - 2012-11-30 19:21 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{46326FC0-C325-4341-869A-C246C8B695B6}.job
2016-07-15 00:32 - 2016-04-11 14:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-15 00:02 - 2013-02-12 21:57 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-1390067357-839522115-1004UA.job
2016-07-14 21:02 - 2013-02-12 21:57 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-1390067357-839522115-1004Core.job
2016-07-14 20:32 - 2016-05-13 14:32 - 19527360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-07-14 20:32 - 2016-04-11 14:59 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-14 20:32 - 2016-04-11 14:59 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-14 15:50 - 2012-11-29 18:27 - 00000000 ____D C:\WINDOWS\system32\ias
2016-07-14 15:49 - 2012-11-29 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-14 15:44 - 2012-11-29 18:45 - 00000178 ___SH C:\Documents and Settings\breda\ntuser.ini
2016-07-14 03:48 - 2012-11-29 18:45 - 00000000 ___RD C:\Documents and Settings\breda\My Documents
2016-07-13 15:07 - 2013-08-04 10:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 15:02 - 2012-11-30 22:23 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-12 16:32 - 2012-11-29 18:41 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-12 06:14 - 2014-12-20 17:17 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-07-12 05:49 - 2012-11-29 18:45 - 00000000 ____D C:\Documents and Settings\breda
2016-07-12 05:40 - 2012-11-29 18:27 - 00000000 ___HD C:\WINDOWS\inf
2016-07-12 05:39 - 2013-11-20 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-07-12 05:37 - 2012-12-03 21:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-07-12 03:54 - 2015-03-29 19:54 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-11 06:26 - 2012-12-03 19:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-10 05:04 - 2014-12-31 19:01 - 00265350 _____ C:\Documents and Settings\breda\Local Settings\Application Data\census.cache
2016-07-10 05:04 - 2014-12-31 19:01 - 00152534 _____ C:\Documents and Settings\breda\Local Settings\Application Data\ars.cache
2016-07-08 15:13 - 2001-08-18 13:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-08 15:00 - 2014-03-10 18:58 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-07-08 12:10 - 2012-11-29 18:27 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-07-08 12:04 - 2012-11-29 18:27 - 00000000 ____D C:\WINDOWS\system
2016-07-07 03:59 - 2013-03-05 19:20 - 00408336 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1390067357-839522115-1004-0.dat
2016-07-07 03:59 - 2013-03-05 03:51 - 00083246 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-07-06 05:24 - 2013-11-16 19:54 - 24612864 _____ C:\WINDOWS\system32\config\software.iobit
2016-07-06 05:24 - 2013-11-16 19:54 - 00307200 _____ C:\WINDOWS\system32\config\default.iobit
2016-07-06 05:24 - 2013-11-16 19:54 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-07-06 05:24 - 2013-11-16 19:54 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-07-06 05:24 - 2012-11-29 18:45 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-07-06 05:24 - 2012-11-29 18:45 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-07-01 19:32 - 2016-01-23 19:12 - 00109856 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-07-01 18:22 - 2013-04-18 00:29 - 00000000 ____D C:\Program Files\WhoCrashed
2016-06-26 21:43 - 2012-11-29 18:31 - 00000000 ____D C:\Documents and Settings\All Users
2016-06-24 12:04 - 2012-11-30 16:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-06-24 12:01 - 2014-05-29 17:29 - 00000000 ____D C:\Documents and Settings\breda\Local Settings\Application Data\Deployment
2016-06-23 03:35 - 2016-01-14 01:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-22 03:57 - 2014-02-18 00:35 - 00000000 ____D C:\Documents and Settings\Administrator
2016-06-22 03:57 - 2012-11-29 18:40 - 00000000 ____D C:\WINDOWS\Registration
2016-06-22 03:54 - 2016-06-07 03:58 - 00000000 ____D C:\Program Files\SpeedFan
2016-06-22 03:54 - 2015-07-27 20:55 - 00000000 ____D C:\Documents and Settings\breda\Application Data\CyberLink
2016-06-22 03:38 - 2015-03-22 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-06-22 03:03 - 2013-04-24 17:15 - 00000000 ____D C:\temp
2016-06-20 15:37 - 2016-02-26 12:18 - 00000124 _____ C:\Documents and Settings\All Users\Desktop\LastChaos Homepage.url
2016-06-20 15:13 - 2015-07-27 20:52 - 00000000 ____D C:\Program Files\CyberLink

==================== Files in the root of some directories =======

2014-11-29 16:11 - 2014-11-29 16:12 - 0000115 _____ () C:\Documents and Settings\breda\Application Data\LogFile.txt
2014-12-31 19:01 - 2016-07-10 05:04 - 0152534 _____ () C:\Documents and Settings\breda\Local Settings\Application Data\ars.cache
2014-12-31 19:01 - 2016-07-10 05:04 - 0265350 _____ () C:\Documents and Settings\breda\Local Settings\Application Data\census.cache
2014-12-31 18:34 - 2014-12-31 18:34 - 0000036 _____ () C:\Documents and Settings\breda\Local Settings\Application Data\housecall.guid.cache
2015-03-29 20:07 - 2015-03-29 20:07 - 0000010 _____ () C:\Documents and Settings\breda\Local Settings\Application Data\sponge.last.runtime.cache
2015-03-31 00:11 - 2015-03-31 00:11 - 0220638 _____ () C:\Documents and Settings\All Users\Application Data\1427756901.bdinstall.bin
2015-05-27 23:38 - 2015-05-27 23:38 - 0037173 _____ () C:\Documents and Settings\All Users\Application Data\1432766320.bdinstall.bin
2015-05-27 23:39 - 2015-05-27 23:39 - 0178249 _____ () C:\Documents and Settings\All Users\Application Data\1432766324.bdinstall.bin
2015-05-30 18:23 - 2015-05-30 18:23 - 0037190 _____ () C:\Documents and Settings\All Users\Application Data\1433006601.bdinstall.bin
2015-05-30 18:26 - 2015-05-30 18:26 - 0093097 _____ () C:\Documents and Settings\All Users\Application Data\1433006606.bdinstall.bin
2015-09-18 09:25 - 2015-09-18 09:25 - 0202433 _____ () C:\Documents and Settings\All Users\Application Data\1442564605.bdinstall.bin
2015-09-18 09:28 - 2015-09-18 09:28 - 0037174 _____ () C:\Documents and Settings\All Users\Application Data\1442564892.bdinstall.bin
2015-09-18 09:29 - 2015-09-18 09:29 - 0058535 _____ () C:\Documents and Settings\All Users\Application Data\1442564897.bdinstall.bin

Some files in TEMP:
====================
C:\Documents and Settings\breda\Local Settings\Temp\msvcp110.dll
C:\Documents and Settings\breda\Local Settings\Temp\msvcr110.dll
C:\Documents and Settings\breda\Local Settings\Temp\pc-decrapifier.exe
C:\Documents and Settings\breda\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================