
Button, effect hijacker? Broni referred me here



#1 digitalia


Posted 16 October 2015 - 12:08 AM

Greetings.

 

Sony Vaio laptop w/ Pentium Dual Core T3200, Vista Home Premium SP2, 32-bit.

1. Automatically starts in Windows Boot Manager; Vista is the only OS listed. Haven't really bothered to deal with that, yet.
 
2. The HD is always being accessed - light is always running; sometimes solidly, sometimes flashing.

3. The problem won't allow normal opening of programs/desktop items, e.g., if you push a "Yes" or "Start" button on a Menu item, it'll automatically light-up the button to the right and neither work; clicking the "x" on the Menu is the only way out - sometimes - other times a reboot is the only way to proceed.

Additionally, clicking on a desktop item automatically/immediately goes to whichever item happens to be at the very right-end of that row; sometimes that item can be opened, but most of the time not.

While I've been able to access many of the tools suggested, this issue prevents me from going any further on the secondary menus many of these tools present. If I'm asked to agree or proceed, when I click on the respective button action jumps immediately to whichever button's on the right, yet it doesn't engage that option, either.

4. When Start menu items are accessed, as soon as the mouse pointer touches them they start vibrating/flashing in appearance. You can still click on them and they'll open (sometimes), but then you're affected by the button problems listed above.

5. When this deal is at its worst, the computer is almost totally unreasonable to deal with. It seems immediately after running a MBAM scan (which finds nothing), the computer behaves normally, but then it eventually reverts to its negative state.

Here's what I've done so far:

- Manually disabled/deleted a number of toolbars that I know to be either of no true use or gateways for malware, both in browsers and Add/Remove.

- ran rkill which found no issues

- ran MAB which found a number of PUPs; deleted them

- ran EAM which found a number of "No Risks"; they're quarantined anyway.

After doing those steps a couple of days ago, the computer reverted back to running normally for a while, but then it regressed again.

Since then, it seems to take a very long time to load and, when it does, it is completely unstable. I've continually rebooted it to the same result.

I also accessed System/Advanced Settings to see if I could do a HD check, but the issue wouldn't allow me to Start.

I've also followed the advice of Broni, as much as I could, here.

I offer thanks in advance to any/all help which may be provided.


Started @ Step 6 as advised by Broni.

Note: before I could follow the next step(s), Windows Update chose then to begin downloading 162 updates. For the next two hours or so, that's what the computer has been doing. When it finished and I started the updated version of Internet Explorer to download FRST, the system operated normally - none of the habits described above are affecting it, and I was able to run FRST and capture the two logs without incident. I've now exited everything and the computer still seems to be acting normally. Nevertheless...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-10-2015 01
Ran by AL (administrator) on AL-PC (15-10-2015 23:35:05)
Running from C:\Users\AL\Desktop
Loaded Profiles: AL (Available Profiles: AL & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2008-07-15] (Sony Corporation)
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\MountPoints2: {308ffea0-d434-11de-a206-001dba27ca27} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\MountPoints2: {995130ec-7eb0-11df-8ec3-001dba27ca27} - G:\Setup_FlipShare.exe
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll [2008-06-13] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK [2015-10-13]
ShortcutTarget: AOLDDI.LNK -> C:\DDI\AOLICON.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {3d881889-90cd-4595-810f-f9ff5068301e} -  No File
URLSearchHook: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 - (No Name) - {3d881889-90cd-4595-810f-f9ff5068301e} -  No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> {6AC33889-4EDA-40B9-B550-366CE736D56E} URL = hxxp://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  => No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-14] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-09] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-09] (Sun Microsystems, Inc.)
BHO: Ziptionary BHO -> {F9FF8423-50F2-4f80-A31D-D1A03DBE9D86} -> C:\Program Files\Ziptionary\ziptionary.dll [2007-08-09] ()
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {3d881889-90cd-4595-810f-f9ff5068301e} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2007-11-12] (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=20151001-135-ff
FF Keyword.URL: hxxp://search.thechatphone.com/?q=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\system32\npdeployJava1.dll [2012-09-09] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-09] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\searchplugins\thechatphone-powered-by-google.xml [2011-04-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml [2015-10-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-19]
FF Extension: Google Toolbar for Firefox - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-02-19]
FF Extension: DownloadHelper - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-02-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-03-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-14]
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
FF HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-01-15]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7084784 2015-10-13] (Emsisoft Ltd)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-22] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
S2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
R1 epp32; C:\Program Files\Emsisoft Anti-Malware\epp32.sys [114200 2015-10-13] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; no ImagePath
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath
S4 UIUSys; no ImagePath
S3 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 23:35 - 2015-10-15 23:38 - 00022972 _____ C:\Users\AL\Desktop\FRST.txt
2015-10-15 23:34 - 2015-10-15 23:35 - 00000000 ____D C:\FRST
2015-10-15 23:33 - 2015-10-15 23:33 - 01700352 _____ (Farbar) C:\Users\AL\Desktop\FRST.exe
2015-10-15 23:29 - 2015-10-15 23:29 - 01700352 _____ (Farbar) C:\Users\AL\Downloads\FRST.exe
2015-10-15 23:07 - 2015-10-15 23:07 - 00000448 _____ C:\Windows\PFRO.log
2015-10-15 22:59 - 2015-10-15 22:59 - 00000000 ____D C:\396ea30a7dd5a9288b1c
2015-10-15 22:57 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-10-15 22:56 - 2015-08-13 09:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-10-15 22:56 - 2015-08-13 09:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-10-15 22:55 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-10-15 22:51 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-10-15 22:51 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-15 22:51 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-10-15 22:51 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-10-15 22:51 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-10-15 22:49 - 2015-09-02 16:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-15 22:49 - 2015-09-02 16:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-15 22:40 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-10-15 22:40 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-10-15 22:40 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-10-15 22:39 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-10-15 22:38 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-15 22:35 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-10-15 22:35 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-10-15 22:35 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-10-15 22:33 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-10-15 22:33 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-10-15 22:33 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-10-15 22:33 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-10-15 22:33 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-10-15 22:33 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-15 22:25 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-10-15 22:25 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-15 22:25 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-15 22:24 - 2014-12-18 19:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-10-15 22:23 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-10-15 22:11 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-10-15 22:09 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-10-15 21:50 - 2015-03-04 21:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-10-15 21:50 - 2015-03-04 21:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-10-15 21:48 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-10-15 21:35 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-10-15 21:21 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-10-15 21:21 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-10-15 21:21 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-10-15 21:18 - 2015-10-15 21:18 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-15 21:16 - 2015-07-18 08:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-15 21:16 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-15 21:15 - 2015-09-02 16:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-15 21:15 - 2015-09-02 14:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-15 21:15 - 2015-09-02 14:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-15 20:57 - 2015-08-05 10:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-15 20:52 - 2015-09-28 12:17 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-15 20:52 - 2015-09-26 11:09 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-15 20:52 - 2015-09-26 11:09 - 03554240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-15 20:52 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-15 20:52 - 2015-01-08 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-15 20:52 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-10-15 20:52 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-10-15 20:52 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-15 20:52 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-10-15 20:50 - 2015-07-28 19:46 - 11588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-15 20:50 - 2014-12-05 22:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-10-15 20:50 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-10-15 20:50 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-10-15 20:42 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-10-15 20:40 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-10-15 20:37 - 2015-04-10 18:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-10-15 20:35 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-10-15 20:35 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-10-15 20:35 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-10-15 20:35 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-10-15 20:35 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-10-15 20:35 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-10-15 20:35 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-15 20:35 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-10-15 20:35 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-10-15 20:25 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-15 20:25 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-15 20:25 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-15 20:25 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-15 20:25 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-15 20:25 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-15 20:25 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-15 20:25 - 2015-04-30 11:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-15 20:25 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-15 20:25 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-15 20:24 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-15 20:24 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-10-15 20:17 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-10-15 20:17 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-10-15 20:16 - 2012-07-25 22:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-10-15 20:16 - 2012-07-25 22:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-10-15 20:16 - 2012-07-25 22:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-10-15 20:16 - 2012-07-25 22:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-10-15 20:16 - 2012-07-25 22:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-10-15 20:16 - 2012-07-25 22:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-10-15 20:16 - 2012-07-25 21:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-10-15 20:16 - 2012-07-25 21:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-10-15 20:16 - 2012-07-25 21:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-10-15 20:16 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-10-15 20:16 - 2009-07-14 07:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2015-10-15 20:15 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-10-15 20:15 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-15 20:14 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-10-15 20:14 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-10-15 20:14 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-10-15 20:14 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-10-15 20:14 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-10-15 19:58 - 2014-12-05 22:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-10-15 01:13 - 2015-10-15 01:14 - 00000000 ____D C:\ProgramData\Sophos
2015-10-15 01:12 - 2015-10-15 01:13 - 00002577 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-10-15 01:12 - 2015-10-15 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-10-15 01:12 - 2015-10-15 01:12 - 00000000 ____D C:\Program Files\Sophos
2015-10-15 01:04 - 2015-10-15 01:04 - 00090653 _____ C:\Users\AL\Desktop\JRT.txt
2015-10-15 01:04 - 2015-09-11 02:22 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-15 01:04 - 2015-09-11 02:21 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-15 01:04 - 2015-09-11 02:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-15 01:04 - 2015-09-11 02:17 - 09751552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-15 01:04 - 2015-09-11 02:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-15 01:04 - 2015-09-11 02:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-15 01:04 - 2015-09-11 02:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-15 01:04 - 2015-09-11 02:15 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-15 01:04 - 2015-09-11 02:14 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-15 01:04 - 2015-09-11 02:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-10-15 01:04 - 2015-09-11 02:14 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-10-14 22:46 - 2015-10-14 23:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-14 22:11 - 2014-04-26 11:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-10-14 22:11 - 2014-04-04 22:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-10-14 22:11 - 2014-04-04 20:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-10-14 22:11 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-10-14 22:11 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-10-14 22:10 - 2013-04-17 07:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-10-14 22:09 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-10-14 22:09 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-10-14 22:09 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-10-14 21:53 - 2013-10-29 21:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2015-10-14 21:53 - 2013-10-29 20:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-10-14 21:53 - 2013-10-29 19:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-10-14 21:53 - 2012-11-02 05:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-10-14 21:53 - 2012-11-02 03:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-10-14 21:52 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-10-14 21:52 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-10-14 21:52 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-10-14 21:52 - 2012-08-21 06:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-10-14 21:47 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-10-14 21:47 - 2013-06-28 21:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-10-14 21:47 - 2013-06-28 21:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-10-14 21:47 - 2013-06-28 21:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-10-14 21:47 - 2013-06-28 21:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-10-14 21:47 - 2013-03-03 14:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-10-14 21:47 - 2012-11-19 23:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 21:47 - 2011-05-05 08:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-10-14 21:47 - 2011-05-05 08:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-10-14 21:43 - 2013-07-12 04:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-10-14 21:43 - 2013-07-12 04:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-10-14 21:43 - 2013-05-01 23:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-10-14 21:43 - 2013-05-01 23:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2015-10-14 21:43 - 2012-11-21 22:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-10-14 21:43 - 2012-11-07 22:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-10-14 21:42 - 2013-10-10 21:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-10-14 21:42 - 2013-10-10 21:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-10-14 21:42 - 2013-10-10 21:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2015-10-14 21:42 - 2013-10-10 19:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-10-14 21:42 - 2013-10-10 19:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-10-14 21:42 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-10-14 21:42 - 2013-04-23 23:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-10-14 21:42 - 2013-04-23 20:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-10-14 21:40 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-10-14 21:38 - 2013-10-22 02:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-10-14 21:38 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-10-14 21:38 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-10-14 21:38 - 2013-10-10 19:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2015-10-14 21:38 - 2013-06-26 18:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-10-14 21:37 - 2013-07-15 23:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2015-10-14 21:36 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-10-14 21:36 - 2013-07-02 21:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2015-10-14 21:36 - 2013-07-02 21:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-10-14 21:36 - 2013-03-07 22:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 21:36 - 2013-02-11 20:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-10-14 00:15 - 2015-10-14 00:15 - 00000000 ____D C:\ProgramData\Emsisoft
2015-10-13 23:49 - 2015-10-13 23:49 - 00000888 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-10-13 23:49 - 2015-10-13 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-10-13 23:49 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-10-13 23:48 - 2015-10-15 23:37 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-10-13 23:36 - 2015-10-13 23:36 - 00000000 _____ C:\Windows\setuperr.log
2015-10-13 23:36 - 2015-10-13 23:36 - 00000000 _____ C:\Windows\setupact.log
2015-10-13 15:01 - 2015-10-13 15:01 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-13 15:01 - 2015-10-13 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-13 15:01 - 2015-10-13 15:01 - 00000000 ____D C:\Program Files\CCleaner
2015-10-13 14:53 - 2015-10-13 14:53 - 00000000 __SHD C:\found.001
2015-10-01 14:42 - 2015-10-01 14:42 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-01 13:11 - 2015-10-01 13:15 - 10367880 _____ (SurfRight B.V.) C:\Users\Public\Desktop\Hitman Pro_Installer.exe
2015-10-01 13:10 - 2015-10-01 13:10 - 00001992 _____ C:\Users\AL\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001976 _____ C:\Users\AL\Desktop\Craigslist.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001970 _____ C:\Users\AL\Desktop\Netflix.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001968 _____ C:\Users\AL\Desktop\Amazon.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001966 _____ C:\Users\AL\Desktop\GMail.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001964 _____ C:\Users\AL\Desktop\ESPN.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001892 _____ C:\Users\Public\Desktop\Fast Browser.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00000000 ____D C:\Users\AL\AppData\Local\Fast Browser
2015-10-01 13:10 - 2015-10-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Browser
2015-10-01 13:09 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Fast Browser
2015-09-30 22:54 - 2015-09-30 22:54 - 00000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 23:38 - 2011-11-09 13:29 - 01718644 _____ C:\Windows\WindowsUpdate.log
2015-10-15 23:19 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-15 23:19 - 2006-11-02 05:33 - 00005900 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-15 23:18 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-15 23:18 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-15 23:09 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-15 23:08 - 2006-11-02 07:47 - 00421608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-15 23:07 - 2009-10-31 19:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-15 23:03 - 2006-11-02 08:01 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-15 23:01 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-10-15 23:01 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-15 22:55 - 2008-08-20 14:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 22:48 - 2010-06-05 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-15 22:23 - 2012-05-01 05:02 - 00001826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-15 22:23 - 2011-09-27 05:03 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-15 22:22 - 2011-09-27 05:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-15 01:19 - 2008-01-01 13:47 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-15 00:55 - 2008-11-09 17:05 - 00000000 ____D C:\Users\AL
2015-10-14 22:44 - 2008-01-01 13:46 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-14 00:40 - 2010-01-30 23:43 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 00:40 - 2010-01-30 23:43 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 23:09 - 2010-04-24 20:51 - 00000000 ____D C:\Users\AL\Tracing
2015-10-13 23:04 - 2011-11-10 17:16 - 00000000 ____D C:\Windows\pss
2015-10-13 15:35 - 2011-08-11 14:10 - 00000000 ____D C:\Windows\Minidump
2015-10-13 15:35 - 2008-08-01 13:06 - 00000000 ____D C:\Windows\Panther
2015-10-13 14:56 - 2009-09-19 10:12 - 00000000 ____D C:\Program Files\Google
2015-10-13 14:45 - 2010-04-08 11:08 - 00000000 ____D C:\Program Files\Yahoo!
2015-10-13 14:45 - 2009-09-19 10:13 - 00000000 ____D C:\Users\AL\AppData\Local\Google
2015-10-13 14:43 - 2009-09-19 10:12 - 00000000 ____D C:\ProgramData\Google
2015-10-01 13:10 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-01 08:21 - 2010-04-01 10:42 - 00003319 _____ C:\ProgramData\hpzinstall.log
2015-10-01 08:09 - 2010-10-23 22:43 - 00000000 ____D C:\Users\AL\AppData\Local\Windows Live
2015-09-30 21:35 - 2008-08-01 12:50 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-09-30 21:35 - 2008-08-01 12:50 - 00000000 ____D C:\Windows\system32\RTCOM
2015-09-30 21:35 - 2008-08-01 12:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-30 21:34 - 2009-12-19 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-30 21:33 - 2010-07-14 18:47 - 00000000 ____D C:\Users\AL\AppData\Roaming\mjusbsp

==================== Files in the root of some directories =======

2008-11-29 12:09 - 2012-06-21 15:54 - 0001060 _____ () C:\Users\AL\AppData\Roaming\wklnhst.dat
2009-06-11 22:59 - 2010-08-03 11:18 - 0015872 _____ () C:\Users\AL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-01 10:42 - 2015-10-01 08:21 - 0003319 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\AL\AppData\Local\Temp\sqlite3.dll
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-15 23:15

==================== End of FRST.txt ============================



#2 nasdaq

  • Malware Response Team

Posted 16 October 2015 - 08:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found in your logs. This is just a cleanup.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShortcutTarget: AOLDDI.LNK -> C:\DDI\AOLICON.exe (No File)
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {3d881889-90cd-4595-810f-f9ff5068301e} -  No File
URLSearchHook: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 - (No Name) - {3d881889-90cd-4595-810f-f9ff5068301e} -  No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  => No File
Toolbar: HKLM - No Name - {3d881889-90cd-4595-810f-f9ff5068301e} -  No File
Toolbar: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml [2015-10-01]
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; no ImagePath
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath
S4 UIUSys; no ImagePath
S3 wanatw; no ImagePath

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

===

How is the computer running now?

#3 digitalia

  • Topic Starter


Posted 16 October 2015 - 12:29 PM

Hello, nasdaq - thank you for your help.

The computer is back to running irregularly after stabilizing once I downloaded those 162 Windows updates last evening (at least stable enough to run FRST then without any problem whatsoever); it's running so irregularly now that I couldn't get FRST to run (as administrator) the first and second times I tried to load it by double clicking it with the left button.

Double clicking its desktop icon brings up the "Open File - Security Warning" menu, but then clicking on its Run (or Cancel) button has no effect - although the little, cursor swirling circle continues to swirl. After clicking Run, I wait for a while, but nothing. What's strange is that while clicking Run and Cancel is effectless, I can click on and off the option to "Always ask before opening this file", and the X to dismiss the menu works.

I can tell if the computer is going to act straight easy enough: if the touchpad is responsive to mouse-like click commands, then everything works okay. If not, and I have to use the left mouse button to click most calls to action, then things don't work so well at all. Another aspect which has remained constant is that the HD never ceases to stop: the light is virtually and endlessly either flickering or solidly lit.

OK - I used the command prompt to start frst.exe and it immediately runs.

After Fix and Restart, the mousepad is working: it accepts the tap to open Windows on a Users icon; Windows takes 3-4 minutes to fully load. But when it does, everything seems to be working normally - except the HD is being continually accessed.

Oops: I accidentally deleted the frst txt file. I will run frst.exe and Fix again...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-10-2015 01
Ran by AL (administrator) on AL-PC (16-10-2015 11:23:34)
Running from C:\Users\AL\Desktop
Loaded Profiles: AL (Available Profiles: AL & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2008-07-15] (Sony Corporation)
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\MountPoints2: {308ffea0-d434-11de-a206-001dba27ca27} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\MountPoints2: {995130ec-7eb0-11df-8ec3-001dba27ca27} - G:\Setup_FlipShare.exe
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll [2008-06-13] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK [2015-10-13]
ShortcutTarget: AOLDDI.LNK -> C:\DDI\AOLICON.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-3393406221-155843853-4252943505-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3393406221-155843853-4252943505-1000 -> {6AC33889-4EDA-40B9-B550-366CE736D56E} URL = hxxp://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-14] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-09] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-09] (Sun Microsystems, Inc.)
BHO: Ziptionary BHO -> {F9FF8423-50F2-4f80-A31D-D1A03DBE9D86} -> C:\Program Files\Ziptionary\ziptionary.dll [2007-08-09] ()
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-15] (Microsoft Corporation.)
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2007-11-12] (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=20151001-135-ff
FF Keyword.URL: hxxp://search.thechatphone.com/?q=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\system32\npdeployJava1.dll [2012-09-09] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-09] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-02-14] (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\searchplugins\thechatphone-powered-by-google.xml [2011-04-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-19]
FF Extension: Google Toolbar for Firefox - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-02-19]
FF Extension: DownloadHelper - C:\Users\AL\AppData\Roaming\Mozilla\Firefox\Profiles\axa9rsxf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-02-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-03-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-14]
FF HKU\S-1-5-21-3393406221-155843853-4252943505-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-01-15]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7084784 2015-10-13] (Emsisoft Ltd)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-22] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
S2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
R1 epp32; C:\Program Files\Emsisoft Anti-Malware\epp32.sys [114200 2015-10-13] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 11:23 - 2015-10-16 11:23 - 00021197 _____ C:\Users\AL\Desktop\FRST.txt
2015-10-16 11:22 - 2015-10-16 10:19 - 00001434 _____ C:\Users\AL\Desktop\fixlist.txt
2015-10-15 23:39 - 2015-10-15 23:44 - 00049435 _____ C:\Users\AL\Desktop\Addition.txt
2015-10-15 23:34 - 2015-10-16 11:23 - 00000000 ____D C:\FRST
2015-10-15 23:33 - 2015-10-15 23:33 - 01700352 _____ (Farbar) C:\Users\AL\Desktop\FRST.exe
2015-10-15 23:29 - 2015-10-15 23:29 - 01700352 _____ (Farbar) C:\Users\AL\Downloads\FRST.exe
2015-10-15 23:07 - 2015-10-16 11:14 - 00003036 _____ C:\Windows\PFRO.log
2015-10-15 22:59 - 2015-10-15 22:59 - 00000000 ____D C:\396ea30a7dd5a9288b1c
2015-10-15 22:57 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-10-15 22:56 - 2015-08-13 09:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-10-15 22:56 - 2015-08-13 09:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-10-15 22:55 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-10-15 22:51 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-10-15 22:51 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-15 22:51 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-10-15 22:51 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-10-15 22:51 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-10-15 22:49 - 2015-09-02 16:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-15 22:49 - 2015-09-02 16:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-15 22:40 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-10-15 22:40 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-10-15 22:40 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-10-15 22:39 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-10-15 22:38 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-15 22:35 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-10-15 22:35 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-10-15 22:35 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-10-15 22:33 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-10-15 22:33 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-10-15 22:33 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-10-15 22:33 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-10-15 22:33 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-10-15 22:33 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-15 22:25 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-10-15 22:25 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-15 22:25 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-15 22:24 - 2014-12-18 19:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-10-15 22:23 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-10-15 22:11 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-10-15 22:09 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-10-15 21:50 - 2015-03-04 21:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-10-15 21:50 - 2015-03-04 21:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-10-15 21:48 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-10-15 21:35 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-10-15 21:21 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-10-15 21:21 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-10-15 21:21 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-10-15 21:18 - 2015-10-15 21:18 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-15 21:16 - 2015-07-18 08:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-15 21:16 - 2015-07-18 08:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-15 21:16 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-15 21:15 - 2015-09-02 16:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-15 21:15 - 2015-09-02 14:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-15 21:15 - 2015-09-02 14:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-15 20:57 - 2015-08-05 10:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-15 20:52 - 2015-09-28 12:17 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-15 20:52 - 2015-09-26 11:09 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-15 20:52 - 2015-09-26 11:09 - 03554240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-15 20:52 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-15 20:52 - 2015-01-08 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-15 20:52 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-10-15 20:52 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-10-15 20:52 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-15 20:52 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-10-15 20:50 - 2015-07-28 19:46 - 11588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-15 20:50 - 2014-12-05 22:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-10-15 20:50 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-10-15 20:50 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-10-15 20:42 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-10-15 20:40 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-10-15 20:37 - 2015-04-10 18:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-10-15 20:35 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-10-15 20:35 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-10-15 20:35 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-10-15 20:35 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-10-15 20:35 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-10-15 20:35 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-10-15 20:35 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-15 20:35 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-10-15 20:35 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-10-15 20:25 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-15 20:25 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-15 20:25 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-15 20:25 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-15 20:25 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-15 20:25 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-15 20:25 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-15 20:25 - 2015-04-30 11:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-15 20:25 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-15 20:25 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-15 20:24 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-15 20:24 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-10-15 20:17 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-10-15 20:17 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-10-15 20:16 - 2012-07-25 22:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-10-15 20:16 - 2012-07-25 22:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-10-15 20:16 - 2012-07-25 22:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-10-15 20:16 - 2012-07-25 22:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-10-15 20:16 - 2012-07-25 22:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-10-15 20:16 - 2012-07-25 22:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-10-15 20:16 - 2012-07-25 21:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-10-15 20:16 - 2012-07-25 21:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-10-15 20:16 - 2012-07-25 21:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-10-15 20:16 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-10-15 20:16 - 2009-07-14 07:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2015-10-15 20:15 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-10-15 20:15 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-15 20:14 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-10-15 20:14 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-10-15 20:14 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-10-15 20:14 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-10-15 20:14 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-10-15 19:58 - 2014-12-05 22:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-10-15 01:13 - 2015-10-15 01:14 - 00000000 ____D C:\ProgramData\Sophos
2015-10-15 01:12 - 2015-10-15 01:13 - 00002577 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-10-15 01:12 - 2015-10-15 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-10-15 01:12 - 2015-10-15 01:12 - 00000000 ____D C:\Program Files\Sophos
2015-10-15 01:04 - 2015-09-11 02:22 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-15 01:04 - 2015-09-11 02:21 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-15 01:04 - 2015-09-11 02:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-15 01:04 - 2015-09-11 02:17 - 09751552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-15 01:04 - 2015-09-11 02:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-15 01:04 - 2015-09-11 02:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-15 01:04 - 2015-09-11 02:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-15 01:04 - 2015-09-11 02:15 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-15 01:04 - 2015-09-11 02:14 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-15 01:04 - 2015-09-11 02:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-10-15 01:04 - 2015-09-11 02:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-10-15 01:04 - 2015-09-11 02:14 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-10-14 22:46 - 2015-10-14 23:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-14 22:11 - 2014-04-26 11:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-10-14 22:11 - 2014-04-04 22:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-10-14 22:11 - 2014-04-04 20:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-10-14 22:11 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-10-14 22:11 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-10-14 22:10 - 2013-04-17 07:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-10-14 22:09 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-10-14 22:09 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-10-14 22:09 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-10-14 21:53 - 2013-10-29 21:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2015-10-14 21:53 - 2013-10-29 20:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-10-14 21:53 - 2013-10-29 19:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-10-14 21:53 - 2012-11-02 05:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-10-14 21:53 - 2012-11-02 03:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-10-14 21:52 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-10-14 21:52 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-10-14 21:52 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-10-14 21:52 - 2012-08-21 06:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-10-14 21:47 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-10-14 21:47 - 2013-06-28 21:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-10-14 21:47 - 2013-06-28 21:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-10-14 21:47 - 2013-06-28 21:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-10-14 21:47 - 2013-06-28 21:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-10-14 21:47 - 2013-03-03 14:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-10-14 21:47 - 2012-11-19 23:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 21:47 - 2011-05-05 08:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-10-14 21:47 - 2011-05-05 08:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-10-14 21:43 - 2013-07-12 04:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-10-14 21:43 - 2013-07-12 04:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-10-14 21:43 - 2013-05-01 23:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-10-14 21:43 - 2013-05-01 23:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2015-10-14 21:43 - 2012-11-21 22:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-10-14 21:43 - 2012-11-07 22:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-10-14 21:42 - 2013-10-10 21:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-10-14 21:42 - 2013-10-10 21:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-10-14 21:42 - 2013-10-10 21:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2015-10-14 21:42 - 2013-10-10 19:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-10-14 21:42 - 2013-10-10 19:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-10-14 21:42 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-10-14 21:42 - 2013-04-23 23:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-10-14 21:42 - 2013-04-23 20:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-10-14 21:40 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-10-14 21:38 - 2013-10-22 02:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-10-14 21:38 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-10-14 21:38 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-10-14 21:38 - 2013-10-10 19:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2015-10-14 21:38 - 2013-06-26 18:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-10-14 21:37 - 2013-07-15 23:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2015-10-14 21:36 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-10-14 21:36 - 2013-07-02 21:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2015-10-14 21:36 - 2013-07-02 21:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-10-14 21:36 - 2013-03-07 22:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 21:36 - 2013-02-11 20:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-10-14 00:15 - 2015-10-14 00:15 - 00000000 ____D C:\ProgramData\Emsisoft
2015-10-13 23:49 - 2015-10-13 23:49 - 00000888 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-10-13 23:49 - 2015-10-13 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-10-13 23:49 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-10-13 23:48 - 2015-10-16 11:23 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-10-13 23:36 - 2015-10-13 23:36 - 00000000 _____ C:\Windows\setuperr.log
2015-10-13 23:36 - 2015-10-13 23:36 - 00000000 _____ C:\Windows\setupact.log
2015-10-13 15:01 - 2015-10-13 15:01 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-13 15:01 - 2015-10-13 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-13 15:01 - 2015-10-13 15:01 - 00000000 ____D C:\Program Files\CCleaner
2015-10-13 14:53 - 2015-10-13 14:53 - 00000000 __SHD C:\found.001
2015-10-01 14:42 - 2015-10-01 14:42 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-01 13:11 - 2015-10-01 13:15 - 10367880 _____ (SurfRight B.V.) C:\Users\Public\Desktop\Hitman Pro_Installer.exe
2015-10-01 13:10 - 2015-10-01 13:10 - 00001992 _____ C:\Users\AL\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001976 _____ C:\Users\AL\Desktop\Craigslist.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001970 _____ C:\Users\AL\Desktop\Netflix.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001968 _____ C:\Users\AL\Desktop\Amazon.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001966 _____ C:\Users\AL\Desktop\GMail.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001964 _____ C:\Users\AL\Desktop\ESPN.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00001892 _____ C:\Users\Public\Desktop\Fast Browser.lnk
2015-10-01 13:10 - 2015-10-01 13:10 - 00000000 ____D C:\Users\AL\AppData\Local\Fast Browser
2015-10-01 13:10 - 2015-10-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Browser
2015-10-01 13:09 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Fast Browser
2015-09-30 22:54 - 2015-09-30 22:54 - 00000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 11:15 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-16 11:14 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-16 11:14 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-16 11:13 - 2011-11-09 13:29 - 01761099 _____ C:\Windows\WindowsUpdate.log
2015-10-16 11:13 - 2006-11-02 08:01 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-16 11:10 - 2011-11-15 10:06 - 00000000 ____D C:\Users\AL\AppData\LocalLow\Temp
2015-10-16 10:55 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-10-16 00:08 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-15 23:19 - 2006-11-02 05:33 - 00005900 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-15 23:08 - 2006-11-02 07:47 - 00421608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-15 23:07 - 2009-10-31 19:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-15 23:01 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-10-15 23:01 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-15 22:55 - 2008-08-20 14:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 22:48 - 2010-06-05 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-15 22:23 - 2012-05-01 05:02 - 00001826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-15 22:23 - 2011-09-27 05:03 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-15 22:22 - 2011-09-27 05:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-15 01:19 - 2008-01-01 13:47 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-15 00:55 - 2008-11-09 17:05 - 00000000 ____D C:\Users\AL
2015-10-14 22:44 - 2008-01-01 13:46 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-14 00:40 - 2010-01-30 23:43 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 00:40 - 2010-01-30 23:43 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 23:09 - 2010-04-24 20:51 - 00000000 ____D C:\Users\AL\Tracing
2015-10-13 23:04 - 2011-11-10 17:16 - 00000000 ____D C:\Windows\pss
2015-10-13 15:35 - 2011-08-11 14:10 - 00000000 ____D C:\Windows\Minidump
2015-10-13 15:35 - 2008-08-01 13:06 - 00000000 ____D C:\Windows\Panther
2015-10-13 14:56 - 2009-09-19 10:12 - 00000000 ____D C:\Program Files\Google
2015-10-13 14:45 - 2010-04-08 11:08 - 00000000 ____D C:\Program Files\Yahoo!
2015-10-13 14:45 - 2009-09-19 10:13 - 00000000 ____D C:\Users\AL\AppData\Local\Google
2015-10-13 14:43 - 2009-09-19 10:12 - 00000000 ____D C:\ProgramData\Google
2015-10-01 13:10 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-01 08:21 - 2010-04-01 10:42 - 00003319 _____ C:\ProgramData\hpzinstall.log
2015-10-01 08:09 - 2010-10-23 22:43 - 00000000 ____D C:\Users\AL\AppData\Local\Windows Live
2015-09-30 21:35 - 2008-08-01 12:50 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-09-30 21:35 - 2008-08-01 12:50 - 00000000 ____D C:\Windows\system32\RTCOM
2015-09-30 21:35 - 2008-08-01 12:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-30 21:34 - 2009-12-19 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-30 21:33 - 2010-07-14 18:47 - 00000000 ____D C:\Users\AL\AppData\Roaming\mjusbsp

==================== Files in the root of some directories =======

2008-11-29 12:09 - 2012-06-21 15:54 - 0001060 _____ () C:\Users\AL\AppData\Roaming\wklnhst.dat
2009-06-11 22:59 - 2010-08-03 11:18 - 0015872 _____ () C:\Users\AL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-01 10:42 - 2015-10-01 08:21 - 0003319 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-16 11:24

==================== End of FRST.txt ============================


 Results of screen317's Security Check version 1.009  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Emsisoft Anti-Malware           
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 CCleaner     
 Java™ 6 Update 35  
 Java™ SE Runtime Environment 6
 Java version 32-bit out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Emsisoft Anti-Malware a2service.exe   
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

I truly hope I didn't screw your evaluation process up by rerunning FRST and Fix again.

After Restart now, the computer boots right into Vista without offering the former Boot Menu; everything seems to be fine except the HD is still constantly running.

Upon start after a Shut Down, it boots straight into Vista @ 1207...5 minutes later, without touching anything, the HD stops being constant and settles into a blink-blink for a half a minute or so, then switches into a rapidly blinking pattern. After a minute or two of that, the light goes back to a constant blink-blink, pauses that to steadily access the HD for 10-15 seconds, begins a constant single blink, and now the light is solidly lit with no blinks/interruptions. So, for 10 minutes now, the HD hasn't stopped being accessed.

One more Restart and it again loads straight into Vista, the touchpad is clicking normally, everything loads a little quicker this time - but the HD access issue remains.

If it wasn't for that issue, I'd say this computer is working fine.



#4 digitalia

  • Topic Starter
  • Members
  • 10 posts

Posted 16 October 2015 - 01:26 PM

nasdaq:

 

Upon researching, I learn the HD is continually being accessed by Vista as a normal operating condition, so my concerns about that have been greatly alleviated.

 

Plus, this user has what I considered to be a gluttonous amount of programs on this computer, some of which I'm sure are always looking for attention. My advice to him will be to take the time to clean up what he doesn't want to keep on it by uninstalling unnecessaries correctly (I'm confident he's technically able enough to fully handle that).

 

After all this time in constant use since my last post, with a number of Restarts and Shutdowns also, the computer seems to be consistently operating fine.

 

I consider this issue resolved, and I most surely cannot thank both you and Broni enough.



#5 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 October 2015 - 08:05 AM

Your FRST log is clean.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.


You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 35
Java SE Runtime Environment 6

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 digitalia

  • Topic Starter
  • Members
  • 10 posts

Posted 17 October 2015 - 01:54 PM

Will do, nasdaq. And thank you, again.



#7 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 October 2015 - 08:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



