
Virus possibly infecting computer, mouse issues


  • This topic is locked
14 replies to this topic

#1 sth0

sth0

  • Members
  • 7 posts

Posted 14 August 2016 - 03:34 AM

Mouse is behaving HORRIBLY. The mouse is a plug in optical mouse, works fine in other computers.

 

I ran a Windows defender scan, came up with viruses. I removed them. I ran a SUPERAntiSpyware scan, nothing came up.

 

There is some other behavior like programs closing without prompt. Then the program doesn't ask if I want to save. For instance, in Gimp, I opened another file at the file location (Edit with Gimp) and Gimp shut down then restarted. It has never done that before.

 

I am getting upset, the mouse is randomly double clicking, taking three and four clicks to click on something, and causing havoc.




 


#2 sth0

sth0
  • Topic Starter

  • Members
  • 7 posts

Posted 14 August 2016 - 11:13 PM

Bump, not sure what the TAT is for advice but figured it wouldn't hurt. Thanks to anyone who can help, in advance. 



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male

Posted 19 August 2016 - 03:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/623372 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • Gender:Male
  • Location:The Antipodes

Posted 19 August 2016 - 05:26 PM

Hi sth0,

 

My name is TsVk!, but as that's unpronounceable you can call me John. I'll be helping you with your issue. :)

 

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.

These things are to make it easier for me to help you.

 

Let's get some information together first, please follow this guide from step 6.

 

Also, please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

TsVk!



#5 sth0

sth0
  • Topic Starter

  • Members
  • 7 posts

Posted 19 August 2016 - 07:50 PM

Attached are the logs. 




#6 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:05 AM

Posted 19 August 2016 - 08:02 PM

Please note the 3 ground rules I highlighted.

 

Thanks.



#7 sth0

sth0
  • Topic Starter

  • Members
  • 7 posts

Posted 19 August 2016 - 08:38 PM

That is fine but just an FYI, the link you supplied said to attach them.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Nat (administrator) on COMPY3000 (19-08-2016 17:44:08)
Running from C:\Users\Nat\Documents
Loaded Profiles: Nat (Available Profiles: Nat)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-24] (SUPERAntiSpyware)
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Run: [Amazon Music] => C:\Users\Nat\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\MountPoints2: {d9ec8a3f-5845-11e3-a940-2c27d72f50e9} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-11-15]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1       PLTPC33367A.ITSDO.SBC.COM # LMS GENERATED LINE
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C06ADCD6-BDAC-47F7-AF3A-F7DC7A156945}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42
HKU\S-1-5-21-363858802-2581318266-289504888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.com/
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxps://www.google.com/
FF Keyword.URL: hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42&l=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-363858802-2581318266-289504888-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF SearchPlugin: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\bing-zugo.xml [2011-04-18]
FF SearchPlugin: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\WebSearch.xml [2014-05-21]
FF Extension: F5 Networks Host Plugin - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2013-11-08] [not signed]
FF Extension: NoScript - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-07-04]
FF Extension: SearchNewTab - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\lzwxinzd@ctqkb.net [2013-12-04] [not signed]
FF Extension: YoutubeAdblocker - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\okc5lzjm@ay-.net [2013-12-04] [not signed]
FF Extension: sUrF  and. keEpa - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\w.ai7njiu@bb-qrdzat.com [2013-12-04] [not signed]
FF Extension: Expat Shield  - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\{a060276a-53be-45ec-8ebe-b94b1e803179} [2014-11-17] [not signed]
FF Extension: Adblock Plus - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "","hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Profile: C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-11-08]
CHR Extension: (YoutubeBookmark) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfghhmdhdkjfepgbpffpbpkckeliepnb [2013-12-03]
CHR Extension: (Honey) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-18]
CHR Extension: (Blur) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-08-11]
CHR Extension: (Facebook for Chrome) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2015-09-18]
CHR Extension: (AdBlock) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-11]
CHR Extension: (Flixster) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2013-11-08]
CHR Extension: (Mahjong Words) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmefkohhpkdnaieghlijadogfapogebe [2015-03-25]
CHR Extension: (Google Theme) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2013-11-08]
CHR Extension: (New Years Mahjong) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnibopfmhebomhlcocnfafjkgchiflmf [2015-05-17]
CHR Extension: (PadMapper) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljagjbdinjommccodelnfmkepbdoafl [2013-11-08]
CHR Extension: (Poppit!) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-16]
CHR Extension: (Mahjong Solitaire) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Do Not Track Me Facebook) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgoeghcjfckbdjcllhhjjaceehjjomg [2013-11-08]
CHR Extension: (ScriptSafe) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-08-06]
CHR Extension: (Spring Mahjong) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohmgpjbkliggjliakneoaedilbaihhl [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-20] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-24] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [75040 2008-09-05] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [210720 2008-09-05] (Ralink Technology, Corp.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 17:44 - 2016-08-19 17:44 - 00019421 _____ C:\Users\Nat\Documents\FRST.txt
2016-08-19 17:43 - 2016-08-19 17:44 - 00000000 ____D C:\FRST
2016-08-19 17:43 - 2016-08-19 17:43 - 02395648 _____ (Farbar) C:\Users\Nat\Documents\FRST64.exe
2016-08-16 17:26 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-16 17:26 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-14 15:23 - 2016-08-14 15:23 - 00070432 _____ C:\Users\Nat\AppData\Local\recently-used.xbel
2016-08-13 22:45 - 2016-08-17 20:21 - 00000000 ____D C:\Users\Nat\Desktop\labels-bpal
2016-08-11 19:52 - 2016-08-02 07:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-11 19:52 - 2016-08-02 07:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-11 19:52 - 2016-08-01 23:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-11 19:52 - 2016-08-01 23:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-11 19:52 - 2016-08-01 23:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-11 19:52 - 2016-08-01 23:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-11 19:52 - 2016-08-01 23:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-11 19:52 - 2016-08-01 23:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-11 19:52 - 2016-08-01 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-11 19:52 - 2016-08-01 23:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-11 19:52 - 2016-08-01 23:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-11 19:52 - 2016-08-01 23:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-11 19:52 - 2016-08-01 23:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-11 19:52 - 2016-08-01 23:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-11 19:52 - 2016-08-01 23:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-11 19:52 - 2016-08-01 23:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-11 19:52 - 2016-08-01 23:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-11 19:52 - 2016-08-01 23:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-11 19:52 - 2016-08-01 23:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-11 19:52 - 2016-08-01 23:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-11 19:52 - 2016-08-01 23:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-11 19:52 - 2016-08-01 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-11 19:52 - 2016-08-01 23:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-11 19:52 - 2016-08-01 22:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-11 19:52 - 2016-08-01 22:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-11 19:52 - 2016-08-01 22:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-11 19:52 - 2016-08-01 22:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-11 19:52 - 2016-08-01 22:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-11 19:52 - 2016-08-01 22:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-11 19:52 - 2016-08-01 22:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-11 19:52 - 2016-08-01 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-11 19:52 - 2016-08-01 22:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-11 19:52 - 2016-08-01 22:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-11 19:52 - 2016-08-01 22:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-11 19:52 - 2016-08-01 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-11 19:52 - 2016-08-01 22:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-11 19:52 - 2016-08-01 22:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-11 19:52 - 2016-08-01 22:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-11 19:52 - 2016-08-01 22:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-11 19:52 - 2016-08-01 22:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-11 19:52 - 2016-08-01 22:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-11 19:52 - 2016-08-01 22:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-11 19:52 - 2016-08-01 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-11 19:52 - 2016-08-01 22:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-11 19:52 - 2016-08-01 22:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-11 19:52 - 2016-08-01 22:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-11 19:52 - 2016-08-01 22:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-11 19:52 - 2016-08-01 22:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-11 19:52 - 2016-08-01 22:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-11 19:52 - 2016-08-01 22:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-11 19:52 - 2016-08-01 22:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-11 19:52 - 2016-08-01 22:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-11 19:52 - 2016-08-01 22:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-11 19:52 - 2016-08-01 22:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-11 19:52 - 2016-08-01 22:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-11 19:52 - 2016-08-01 22:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-11 19:52 - 2016-08-01 22:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-11 19:52 - 2016-08-01 22:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-11 19:52 - 2016-08-01 21:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-11 19:52 - 2016-08-01 21:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-11 19:52 - 2016-08-01 21:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-11 19:52 - 2016-08-01 21:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-11 19:25 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-11 19:25 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-11 19:25 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-11 19:25 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-11 19:25 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-11 19:25 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-11 19:25 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-11 19:25 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-11 19:25 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-11 19:25 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-11 19:25 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-11 19:25 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-11 19:25 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-30 12:08 - 2016-07-30 12:08 - 00510296 _____ C:\Windows\Minidump\073016-23774-01.dmp
2016-07-20 22:22 - 2016-07-20 22:22 - 00164352 _____ C:\Windows\SysWOW64\SpoonUninstall.exe
2016-07-20 22:22 - 2016-07-20 22:22 - 00012330 _____ C:\Windows\SysWOW64\SpoonUninstall-Jardinains!.dat
2016-07-20 22:22 - 2016-07-20 22:22 - 00001040 _____ C:\Users\Nat\Desktop\Play Jardinains!.lnk
2016-07-20 22:22 - 2016-07-20 22:22 - 00000000 ____D C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jardinains!
2016-07-20 22:22 - 2016-07-20 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jardinains!
2016-07-20 22:22 - 2016-07-20 22:21 - 00082996 _____ C:\Windows\SysWOW64\SpoonUninstall-Jardinains!.bmp
2016-07-20 22:21 - 2016-07-20 22:22 - 00000000 ____D C:\Program Files (x86)\Jardinains
2016-07-20 22:02 - 2016-07-20 22:04 - 04647761 _____ C:\Users\Nat\Documents\jardinains_1_2.exe
2016-07-20 21:49 - 2016-07-20 21:57 - 00000632 __RSH C:\Users\Nat\ntuser.pol
2016-07-20 03:01 - 2016-07-20 03:01 - 00000000 ____D C:\Windows\EOONotify
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 17:39 - 2013-11-08 14:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 17:39 - 2013-11-08 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-19 06:18 - 2009-07-13 21:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-19 06:18 - 2009-07-13 21:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 06:10 - 2014-06-15 20:58 - 00000000 ____D C:\Users\Nat\AppData\Local\Adobe
2016-08-18 21:03 - 2013-11-08 14:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-17 19:00 - 2013-11-08 18:34 - 00000000 ____D C:\Users\Nat\Desktop\stuff
2016-08-14 15:29 - 2013-11-10 09:01 - 00000000 ____D C:\Users\Nat\.gimp-2.8
2016-08-14 15:04 - 2013-11-13 16:36 - 00000000 ____D C:\Users\Nat\AppData\Local\gtk-2.0
2016-08-14 01:53 - 2013-11-08 13:24 - 00228200 _____ C:\Users\Nat\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-12 18:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-08-12 03:30 - 2009-07-13 21:45 - 00757728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-12 03:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-12 03:08 - 2013-11-09 20:29 - 00000000 ____D C:\Windows\system32\MRT
2016-08-12 03:01 - 2013-11-09 20:29 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 16:49 - 2013-11-08 14:55 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 16:49 - 2013-11-08 14:55 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 12:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-05 05:45 - 2016-03-24 10:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-05 05:44 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-08-03 17:55 - 2013-11-08 18:26 - 00000000 ____D C:\Users\Nat\AppData\Roaming\Canon
2016-07-30 12:08 - 2013-11-09 18:53 - 00000000 ____D C:\Windows\Minidump
2016-07-30 12:07 - 2013-11-08 15:04 - 731267176 _____ C:\Windows\MEMORY.DMP
2016-07-28 18:08 - 2013-12-05 06:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 20:58 - 2013-11-08 14:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-26 20:58 - 2013-11-08 14:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-20 21:57 - 2013-11-08 13:24 - 00000000 ____D C:\Users\Nat
2016-07-20 21:49 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-20 03:00 - 2015-04-05 00:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 03:00 - 2015-04-05 00:01 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Files in the root of some directories =======
 
2015-12-03 17:10 - 2015-12-03 17:10 - 6420480 _____ () C:\Program Files (x86)\GUT1C35.tmp
2013-11-17 21:12 - 2013-11-17 21:12 - 12788736 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-08 18:24 - 2011-06-04 09:05 - 0001849 _____ () C:\Users\Nat\AppData\Roaming\GhostObjGAFix.xml
2013-11-08 20:58 - 2016-05-13 19:30 - 0022528 _____ () C:\Users\Nat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-14 15:23 - 2016-08-14 15:23 - 0070432 _____ () C:\Users\Nat\AppData\Local\recently-used.xbel
2013-11-08 20:58 - 2015-04-04 16:41 - 0007607 _____ () C:\Users\Nat\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Nat\AppData\Local\Temp\aacdec.exe
C:\Users\Nat\AppData\Local\Temp\burnsetup.exe
C:\Users\Nat\AppData\Local\Temp\flacdec2.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\SAS6_Update.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-16 06:23
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Nat (19-08-2016 17:44:53)
Running from C:\Users\Nat\Documents
Windows 7 Professional Service Pack 1 (X64) (2013-11-08 20:24:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-363858802-2581318266-289504888-500 - Administrator - Disabled)
Guest (S-1-5-21-363858802-2581318266-289504888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-363858802-2581318266-289504888-1002 - Limited - Enabled)
Nat (S-1-5-21-363858802-2581318266-289504888-1000 - Administrator - Enabled) => C:\Users\Nat
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{1E3C853A-699D-4EDC-89C6-A58D69C05E61}) (Version: 1.13.0.0 - PopCap Games)
calibre (HKLM-x32\...\{17429B3C-DC4B-4ED8-BBEA-CF14BD6203C5}) (Version: 1.28.0 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
ComicRack v0.9.160 (HKLM\...\ComicRack) (Version: v0.9.160 - cYo Soft)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Softpaq SP45367  (HKLM-x32\...\SP45367) (Version:  - )
HP Softpaq SP45411  (HKLM-x32\...\SP45411) (Version:  - )
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iMazing 1.1.0.0 (HKLM\...\iMazing_is1) (Version: 1.1.0.0 - DigiDNA)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel Processor Diagnostic Tool 64Bit (HKLM\...\{6D3B2650-6767-49B6-A63E-CD410C653B05}) (Version: 17.0.0 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Jardinains! (HKLM-x32\...\Jardinains!) (Version:  - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
MahJong Suite 2014 v11.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 11.0 - TreeCardGames)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-US)) (Version: 45.2.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.9.0 - Ralink)
Shadowrun Returns version + Dragonfall v1.2.0 (HKLM-x32\...\Shadowrun Returns_is1) (Version: + Dragonfall v1.2.0 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-363858802-2581318266-289504888-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {094A0E54-9DC6-45CC-A60C-FDC9B54BF9C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {4BEBAA95-5126-411F-892E-29B57B48BC21} - System32\Tasks\{C635E8B7-B3CD-4DB0-AE90-81D3E849EF0D} => pcalua.exe -a C:\Users\Nat\AppData\Local\Temp\Temp1_FWRT54G-TM_SetupWizard1.6.zip\WRT54G-TMSetupWizard1.6\SetupWizard.exe <==== ATTENTION
Task: {4E11D0FD-4B62-457A-B148-8BD91C7BA6D4} - System32\Tasks\{7528B3A3-2F54-4BBC-B864-4E769971A01E} => pcalua.exe -a C:\Users\Nat\Documents\MX_dreamweaver6-setup.exe -d C:\Users\Nat\Documents
Task: {5E7D6210-ED2B-4E61-B314-211153FD4751} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {85425A3E-CFA9-48D1-91F3-E2E7A3448B4B} - System32\Tasks\{0F19B017-8A98-4BE7-9CF5-1C1DA55F2619} => pcalua.exe -a C:\Users\Nat\Desktop\win7_64_1512754.exe -d C:\Users\Nat\Desktop
Task: {97BC1343-10AC-4C87-B3AE-C35E2EC0F703} - System32\Tasks\AdobeAAMUpdater-1.0-Compy3000-Nat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {BD004557-B3C4-425D-92B4-57FA0D694E97} - System32\Tasks\{3D0C4F5A-2D43-47E3-A67F-F5BF9765F0F6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {C0BD6BAC-E37C-478C-9CA5-B4814FA46464} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E714576E-E7E9-425B-AB0A-9ECFC9EE1715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E9CE7D90-ECC7-45D8-AC6D-4EDBB4328A67} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Nat\AppData\Local\Microsoft\Windows\GameExplorer\{4922F54F-AE3E-46F7-8DD1-26BE8BDAF64D}\SupportTasks\1\Support.lnk -> hxxp://www.sierra.com/support/
Shortcut: C:\Users\Nat\AppData\Local\Microsoft\Windows\GameExplorer\{4922F54F-AE3E-46F7-8DD1-26BE8BDAF64D}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.pharaoh1.com/intro_index.shtml/
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-16 08:06 - 2014-07-16 08:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-12-08 03:10 - 2014-12-08 03:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-21 06:26 - 2009-07-24 11:29 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-08 16:49 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 16:49 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-01-16 08:34 - 2015-01-16 08:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-03-21 06:26 - 00000888 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       PLTPC33367A.ITSDO.SBC.COM # LMS GENERATED LINE
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-363858802-2581318266-289504888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BCE0FA47-F121-4F85-B821-FEB7E0E86D03}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{5C50A118-56F5-4740-88D1-75564DCE8E12}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{479A0358-EE66-45C6-8BC7-A97EF9D24B7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{E40F08F6-A0FA-4E0D-920E-7D68A96CF148}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{948B4139-377A-4ACB-A9E3-A16CCAE2827E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAA78AD8-86C0-4C92-9CA8-79C81F5B3C75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C09D935-D689-4E97-BAA0-4D32AA3E6F19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B254C41E-A7BB-48A2-A797-B28210BBC1F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5C71DF14-34C4-48CB-97F9-4AD88EE26920}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe
FirewallRules: [UDP Query User{E28129BE-04E7-4F7C-86B7-EC2E1C2390F0}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe
FirewallRules: [{0877123F-D838-4686-AC7D-CD1EBDA6EB0B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9FDD8FB9-6601-4BEC-9C2C-120DD9BCE3F8}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{2AE4ED55-8986-4C33-AFD0-8DD987A891D8}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{95FC2AA8-5F62-41E5-BB2C-756B8662E577}C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe] => (Block) C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{C070B6A6-2E96-4EDF-B55B-8B1E3698A78D}C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe] => (Block) C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe
FirewallRules: [{E2B30718-BE02-46E5-B996-583EE0B3D87F}] => (Allow) C:\Program Files (x86)\Origin Games\Bookworm Deluxe\Bookworm.exe
FirewallRules: [{F6541678-EE2A-42DD-81EF-475C7B708C19}] => (Allow) C:\Program Files (x86)\Origin Games\Bookworm Deluxe\Bookworm.exe
FirewallRules: [TCP Query User{FA64E88C-4147-4969-A07A-61DF9C70E9D6}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{4B3A002C-4FB1-4908-AF59-FC646D7CD8FD}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{BBEC80E2-F5F0-4778-B37E-EEABFA416B48}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{17D91D0A-258F-4153-9032-68F36ABE15F9}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{8C8617F3-E0F7-4C8C-8ED8-7C66C24D85C9}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{5D4F67E1-4694-4403-B90C-42858BDA2915}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [{8A9A1FC1-C90E-4139-9D9E-36D2A62C5B41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AAD39B3-01D3-4C05-8F08-A135E19CD269}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4FE136B-BBEF-40A9-8800-AC0C41CB7256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0FA56742-3946-42AB-BB79-BC4A8BF760E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC051F7F-4831-4A7D-BCE0-4037066FD848}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0BC144DB-4F1D-4879-9165-1173B7BF39D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-08-2016 12:51:54 Windows Update
12-08-2016 03:00:30 Windows Update
17-08-2016 03:00:32 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2016 06:38:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8518
 
Error: (08/19/2016 06:38:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8518
 
Error: (08/19/2016 06:38:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/19/2016 06:38:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7395
 
Error: (08/19/2016 06:38:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7395
 
Error: (08/19/2016 06:38:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/19/2016 06:38:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6365
 
Error: (08/19/2016 06:38:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6365
 
Error: (08/19/2016 06:38:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/19/2016 06:38:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5367
 
 
System errors:
=============
Error: (08/15/2016 06:15:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.225.3926.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/15/2016 06:15:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.225.3926.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/12/2016 03:31:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (08/12/2016 03:29:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet Monitoring Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/12/2016 03:29:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet Monitoring Service service to connect.
 
Error: (08/12/2016 03:29:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/12/2016 03:29:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
 
Error: (08/12/2016 03:28:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
 
Error: (07/30/2016 12:08:06 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006653660, 0xfffff800040054d0)C:\Windows\MEMORY.DMP073016-23774-01
 
Error: (07/30/2016 12:08:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:06:09 PM on ‎7/‎30/‎2016 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 28%
Total physical RAM: 8063.25 MB
Available physical RAM: 5731.16 MB
Total Virtual: 16124.68 MB
Available Virtual: 11273.36 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:698.54 GB) (Free:524.54 GB) NTFS
Drive l: (System) (Fixed) (Total:0.09 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 843CCCC5)
Partition 1: (Active) - (Size=95 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#8 TsVk!


Posted 20 August 2016 - 06:22 PM

Hi sth0,

 

Let's fix your mouse problem first.

  • Click the Windows start button, search for "Device Manager," and click it.
  • Click the arrow next to "Mice and Other Pointing Devices."
  • Right-click the mouse and select "Properties."
  • Click the "Driver" tab in the Properties window.
  • Click "Uninstall" from the bottom of the list, click "OK."
  • OK the warning that you are about to uninstall the device.

Your machine will automatically shut down after about 10 seconds. Your mouse will reinstall on next boot.

 

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42&l=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-363858802-2581318266-289504888-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF SearchPlugin: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\WebSearch.xml [2014-05-21]
FF Extension: SearchNewTab - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\lzwxinzd@ctqkb.net [2013-12-04] [not signed]
FF Extension: sUrF and. keEpa - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\w.ai7njiu@bb-qrdzat.com [2013-12-04] [not signed]
FF Extension: Expat Shield - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\{a060276a-53be-45ec-8ebe-b94b1e803179} [2014-11-17] [not signed]
CHR StartupUrls: Default -> "","hxxp://websearch.searchbomb.info/?pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42"
CHR Plugin: (Shockwave Flash) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CustomCLSID: HKU\S-1-5-21-363858802-2581318266-289504888-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
FirewallRules: [{BCE0FA47-F121-4F85-B821-FEB7E0E86D03}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{5C50A118-56F5-4740-88D1-75564DCE8E12}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{479A0358-EE66-45C6-8BC7-A97EF9D24B7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{E40F08F6-A0FA-4E0D-920E-7D68A96CF148}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [TCP Query User{5C71DF14-34C4-48CB-97F9-4AD88EE26920}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe
FirewallRules: [UDP Query User{E28129BE-04E7-4F7C-86B7-EC2E1C2390F0}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe
FirewallRules: [TCP Query User{95FC2AA8-5F62-41E5-BB2C-756B8662E577}C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe] => (Block) C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{C070B6A6-2E96-4EDF-B55B-8B1E3698A78D}C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe] => (Block) C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Please note the removal log.

Now let's run an additional scan just to be sure.

  • Click on "Scan"
  • Wait for the results to appear.

Please note the logs to copy and paste into your next reply.

 

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Report button...a logfile will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool, or you can save it to the desktop to be easily found for your reply.

Please let me know if this application removes something you want to keep on your system.

 

Please copy and paste the logs.

 

TsVk!



#9 sth0


Posted 22 August 2016 - 08:45 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Nat (administrator) on COMPY3000 (22-08-2016 18:35:12)
Running from C:\Users\Nat\Documents
Loaded Profiles: Nat (Available Profiles: Nat)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\Nat\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-24] (SUPERAntiSpyware)
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Run: [Amazon Music] => C:\Users\Nat\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\MountPoints2: {d9ec8a3f-5845-11e3-a940-2c27d72f50e9} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-11-15]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1       PLTPC33367A.ITSDO.SBC.COM # LMS GENERATED LINE
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C06ADCD6-BDAC-47F7-AF3A-F7DC7A156945}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-363858802-2581318266-289504888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.com/
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF SearchPlugin: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\bing-zugo.xml [2011-04-18]
FF SearchPlugin: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\WebSearch.xml [2014-05-21]
FF Extension: F5 Networks Host Plugin - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2013-11-08] [not signed]
FF Extension: NoScript - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-07-04]
FF Extension: YoutubeAdblocker - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\okc5lzjm@ay-.net [2013-12-04] [not signed]
FF Extension: Adblock Plus - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Profile: C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-11-08]
CHR Extension: (YoutubeBookmark) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfghhmdhdkjfepgbpffpbpkckeliepnb [2013-12-03]
CHR Extension: (Honey) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-22]
CHR Extension: (Blur) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-08-11]
CHR Extension: (Facebook for Chrome) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2015-09-18]
CHR Extension: (AdBlock) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-11]
CHR Extension: (Flixster) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2013-11-08]
CHR Extension: (Mahjong Words) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmefkohhpkdnaieghlijadogfapogebe [2015-03-25]
CHR Extension: (Google Theme) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2013-11-08]
CHR Extension: (New Years Mahjong) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnibopfmhebomhlcocnfafjkgchiflmf [2015-05-17]
CHR Extension: (PadMapper) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljagjbdinjommccodelnfmkepbdoafl [2013-11-08]
CHR Extension: (Poppit!) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-16]
CHR Extension: (Mahjong Solitaire) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Do Not Track Me Facebook) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgoeghcjfckbdjcllhhjjaceehjjomg [2013-11-08]
CHR Extension: (ScriptSafe) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-08-06]
CHR Extension: (Spring Mahjong) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohmgpjbkliggjliakneoaedilbaihhl [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-20] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-24] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [75040 2008-09-05] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [210720 2008-09-05] (Ralink Technology, Corp.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-22 18:34 - 2016-08-22 18:34 - 00007967 _____ C:\Users\Nat\Documents\Fixlog.txt
2016-08-22 18:34 - 2016-08-22 18:34 - 00000000 ____D C:\Users\Nat\Documents\FRST-OlderVersion
2016-08-21 22:00 - 2016-08-21 22:00 - 00092805 _____ C:\Users\Nat\AppData\Local\recently-used.xbel
2016-08-21 16:36 - 2016-08-21 16:36 - 00023898 _____ C:\Users\Nat\Desktop\HipsterishFontNormal.zip
2016-08-21 16:26 - 2016-08-21 16:26 - 01835305 _____ C:\Users\Nat\Desktop\Nita.zip
2016-08-21 16:26 - 2016-08-21 16:26 - 00010535 _____ C:\Users\Nat\Desktop\Nevis-Bold.zip
2016-08-21 16:25 - 2016-08-21 16:25 - 00019050 _____ C:\Users\Nat\Desktop\kara_ben_nemsi.zip
2016-08-21 16:20 - 2016-08-21 16:20 - 00027071 _____ C:\Users\Nat\Desktop\Arabic-Magic.zip
2016-08-21 16:18 - 2016-08-21 16:18 - 00022307 _____ C:\Users\Nat\Desktop\Aaron-with-a-Marker.zip
2016-08-21 16:17 - 2016-08-21 16:17 - 00123324 _____ C:\Users\Nat\Desktop\A-Brush-No.zip
2016-08-21 16:15 - 2016-08-21 16:15 - 00175191 _____ C:\Users\Nat\Desktop\1873-Winchester.zip
2016-08-21 16:12 - 2016-08-21 16:12 - 00075982 _____ C:\Users\Nat\Desktop\Achilles.zip
2016-08-21 16:11 - 2016-08-21 16:11 - 00018409 _____ C:\Users\Nat\Desktop\nu.zip
2016-08-21 16:10 - 2016-08-21 16:10 - 00150365 _____ C:\Users\Nat\Desktop\Carnivalee-Freakshow.zip
2016-08-21 16:10 - 2016-08-21 16:10 - 00089442 _____ C:\Users\Nat\Desktop\CBGBFontSolid.zip
2016-08-21 16:10 - 2016-08-21 16:10 - 00036978 _____ C:\Users\Nat\Desktop\Brandywine.zip
2016-08-21 16:10 - 2016-08-21 16:10 - 00026562 _____ C:\Users\Nat\Desktop\Fraulein.zip
2016-08-21 16:07 - 2016-08-21 16:07 - 00028827 _____ C:\Users\Nat\Desktop\Antartic.zip
2016-08-21 16:07 - 2016-08-21 16:07 - 00011063 _____ C:\Users\Nat\Desktop\BikerfromHell.zip
2016-08-21 16:06 - 2016-08-21 16:06 - 00177573 _____ C:\Users\Nat\Desktop\Bosox.zip
2016-08-21 16:01 - 2016-08-21 16:01 - 00017876 _____ C:\Users\Nat\Desktop\initials_with_curls.zip
2016-08-21 15:54 - 2016-08-21 15:54 - 00044298 _____ C:\Users\Nat\Desktop\RomanWoodcut.zip
2016-08-21 15:53 - 2016-08-21 15:53 - 00131889 _____ C:\Users\Nat\Desktop\20th Century Woodcut.zip
2016-08-19 17:44 - 2016-08-22 18:35 - 00016178 _____ C:\Users\Nat\Documents\FRST.txt
2016-08-19 17:44 - 2016-08-19 17:45 - 00027315 _____ C:\Users\Nat\Documents\Addition.txt
2016-08-19 17:43 - 2016-08-22 18:35 - 00000000 ____D C:\FRST
2016-08-19 17:43 - 2016-08-22 18:34 - 02396672 _____ (Farbar) C:\Users\Nat\Documents\FRST64.exe
2016-08-16 17:26 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-16 17:26 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-13 22:45 - 2016-08-17 20:21 - 00000000 ____D C:\Users\Nat\Desktop\labels-bpal
2016-08-11 19:52 - 2016-08-02 07:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-11 19:52 - 2016-08-02 07:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-11 19:52 - 2016-08-01 23:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-11 19:52 - 2016-08-01 23:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-11 19:52 - 2016-08-01 23:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-11 19:52 - 2016-08-01 23:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-11 19:52 - 2016-08-01 23:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-11 19:52 - 2016-08-01 23:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-11 19:52 - 2016-08-01 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-11 19:52 - 2016-08-01 23:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-11 19:52 - 2016-08-01 23:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-11 19:52 - 2016-08-01 23:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-11 19:52 - 2016-08-01 23:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-11 19:52 - 2016-08-01 23:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-11 19:52 - 2016-08-01 23:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-11 19:52 - 2016-08-01 23:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-11 19:52 - 2016-08-01 23:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-11 19:52 - 2016-08-01 23:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-11 19:52 - 2016-08-01 23:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-11 19:52 - 2016-08-01 23:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-11 19:52 - 2016-08-01 23:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-11 19:52 - 2016-08-01 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-11 19:52 - 2016-08-01 23:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-11 19:52 - 2016-08-01 22:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-11 19:52 - 2016-08-01 22:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-11 19:52 - 2016-08-01 22:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-11 19:52 - 2016-08-01 22:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-11 19:52 - 2016-08-01 22:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-11 19:52 - 2016-08-01 22:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-11 19:52 - 2016-08-01 22:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-11 19:52 - 2016-08-01 22:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-11 19:52 - 2016-08-01 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-11 19:52 - 2016-08-01 22:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-11 19:52 - 2016-08-01 22:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-11 19:52 - 2016-08-01 22:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-11 19:52 - 2016-08-01 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-11 19:52 - 2016-08-01 22:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-11 19:52 - 2016-08-01 22:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-11 19:52 - 2016-08-01 22:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-11 19:52 - 2016-08-01 22:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-11 19:52 - 2016-08-01 22:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-11 19:52 - 2016-08-01 22:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-11 19:52 - 2016-08-01 22:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-11 19:52 - 2016-08-01 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-11 19:52 - 2016-08-01 22:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-11 19:52 - 2016-08-01 22:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-11 19:52 - 2016-08-01 22:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-11 19:52 - 2016-08-01 22:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-11 19:52 - 2016-08-01 22:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-11 19:52 - 2016-08-01 22:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-11 19:52 - 2016-08-01 22:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-11 19:52 - 2016-08-01 22:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-11 19:52 - 2016-08-01 22:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-11 19:52 - 2016-08-01 22:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-11 19:52 - 2016-08-01 22:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-11 19:52 - 2016-08-01 22:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-11 19:52 - 2016-08-01 22:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-11 19:52 - 2016-08-01 22:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-11 19:52 - 2016-08-01 22:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-11 19:52 - 2016-08-01 21:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-11 19:52 - 2016-08-01 21:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-11 19:52 - 2016-08-01 21:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-11 19:52 - 2016-08-01 21:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-11 19:25 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-11 19:25 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-11 19:25 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-11 19:25 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-11 19:25 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-11 19:25 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-11 19:25 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-11 19:25 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-11 19:25 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-11 19:25 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-11 19:25 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-11 19:25 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-11 19:25 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-11 19:25 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-11 19:25 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-30 12:08 - 2016-07-30 12:08 - 00510296 _____ C:\Windows\Minidump\073016-23774-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-22 18:30 - 2013-11-08 14:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-22 18:29 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-22 18:28 - 2009-07-13 21:45 - 00759360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-22 18:23 - 2013-11-10 09:01 - 00000000 ____D C:\Users\Nat\.gimp-2.8
2016-08-22 18:03 - 2013-11-08 14:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-22 17:49 - 2013-11-08 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-22 17:15 - 2009-07-13 21:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-22 17:15 - 2009-07-13 21:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-22 17:10 - 2014-06-15 20:58 - 00000000 ____D C:\Users\Nat\AppData\Local\Adobe
2016-08-21 21:57 - 2013-11-13 16:36 - 00000000 ____D C:\Users\Nat\AppData\Local\gtk-2.0
2016-08-21 19:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-17 19:00 - 2013-11-08 18:34 - 00000000 ____D C:\Users\Nat\Desktop\stuff
2016-08-14 01:53 - 2013-11-08 13:24 - 00228200 _____ C:\Users\Nat\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-12 18:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-08-12 03:08 - 2013-11-09 20:29 - 00000000 ____D C:\Windows\system32\MRT
2016-08-12 03:01 - 2013-11-09 20:29 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 16:49 - 2013-11-08 14:55 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 16:49 - 2013-11-08 14:55 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-05 05:45 - 2016-03-24 10:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-05 05:44 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-08-03 17:55 - 2013-11-08 18:26 - 00000000 ____D C:\Users\Nat\AppData\Roaming\Canon
2016-07-30 12:08 - 2013-11-09 18:53 - 00000000 ____D C:\Windows\Minidump
2016-07-30 12:07 - 2013-11-08 15:04 - 731267176 _____ C:\Windows\MEMORY.DMP
2016-07-28 18:08 - 2013-12-05 06:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 20:58 - 2013-11-08 14:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-26 20:58 - 2013-11-08 14:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-12-03 17:10 - 2015-12-03 17:10 - 6420480 _____ () C:\Program Files (x86)\GUT1C35.tmp
2013-11-17 21:12 - 2013-11-17 21:12 - 12788736 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-08 18:24 - 2011-06-04 09:05 - 0001849 _____ () C:\Users\Nat\AppData\Roaming\GhostObjGAFix.xml
2013-11-08 20:58 - 2016-05-13 19:30 - 0022528 _____ () C:\Users\Nat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-21 22:00 - 2016-08-21 22:00 - 0092805 _____ () C:\Users\Nat\AppData\Local\recently-used.xbel
2013-11-08 20:58 - 2015-04-04 16:41 - 0007607 _____ () C:\Users\Nat\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Nat\AppData\Local\Temp\aacdec.exe
C:\Users\Nat\AppData\Local\Temp\burnsetup.exe
C:\Users\Nat\AppData\Local\Temp\flacdec2.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Nat\AppData\Local\Temp\SAS6_Update.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-16 06:23
 
==================== End of FRST.txt ============================
 
# AdwCleaner v6.000 - Logfile created 22/08/2016 at 18:39:25
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-22.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Nat - COMPY3000
# Running from : C:\Users\Nat\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\3c266bb0e2526684
Folder Found:  C:\ProgramData\surf and keep
Folder Found:  C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfghhmdhdkjfepgbpffpbpkckeliepnb
Folder Found:  C:\Users\Nat\AppData\Local\Conduit
Folder Found:  C:\Users\Nat\AppData\LocalLow\Conduit
Folder Found:  C:\Users\Nat\AppData\LocalLow\PriceGong
Folder Found:  C:\ProgramData\QuickSet
Folder Found:  C:\ProgramData\Application Data\QuickSet
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\WebSearch.xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-363858802-2581318266-289504888-1000\Software\Softonic
Key Found:  HKU\S-1-5-21-363858802-2581318266-289504888-1000\Software\AppDataLow\SProtector
Key Found:  HKCU\Software\Softonic
Key Found:  HKCU\Software\AppDataLow\SProtector
Key Found:  HKLM\SOFTWARE\SP Global
Key Found:  HKLM\SOFTWARE\SProtector
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2028 Bytes] - [22/08/2016 18:39:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2101 Bytes] ##########
 


#10 sth0

  • Topic Starter

Posted 22 August 2016 - 08:46 PM

Also, my computer did not reboot when I uninstalled the mouse. I rebooted it manually and my mouse continues to malfunction.



#11 TsVk!

Posted 23 August 2016 - 09:30 PM

Hi sth0,

 

Could you please post the fix log that was generated by FRST when you ran the fixlist?

 

TsVk!



#12 sth0

  • Topic Starter

Posted 25 August 2016 - 08:00 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Nat (19-08-2016 17:44:53)
Running from C:\Users\Nat\Documents
Windows 7 Professional Service Pack 1 (X64) (2013-11-08 20:24:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-363858802-2581318266-289504888-500 - Administrator - Disabled)
Guest (S-1-5-21-363858802-2581318266-289504888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-363858802-2581318266-289504888-1002 - Limited - Enabled)
Nat (S-1-5-21-363858802-2581318266-289504888-1000 - Administrator - Enabled) => C:\Users\Nat
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-363858802-2581318266-289504888-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{1E3C853A-699D-4EDC-89C6-A58D69C05E61}) (Version: 1.13.0.0 - PopCap Games)
calibre (HKLM-x32\...\{17429B3C-DC4B-4ED8-BBEA-CF14BD6203C5}) (Version: 1.28.0 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
ComicRack v0.9.160 (HKLM\...\ComicRack) (Version: v0.9.160 - cYo Soft)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Softpaq SP45367  (HKLM-x32\...\SP45367) (Version:  - )
HP Softpaq SP45411  (HKLM-x32\...\SP45411) (Version:  - )
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iMazing 1.1.0.0 (HKLM\...\iMazing_is1) (Version: 1.1.0.0 - DigiDNA)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel Processor Diagnostic Tool 64Bit (HKLM\...\{6D3B2650-6767-49B6-A63E-CD410C653B05}) (Version: 17.0.0 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Jardinains! (HKLM-x32\...\Jardinains!) (Version:  - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
MahJong Suite 2014 v11.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 11.0 - TreeCardGames)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-US)) (Version: 45.2.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.9.0 - Ralink)
Shadowrun Returns version + Dragonfall v1.2.0 (HKLM-x32\...\Shadowrun Returns_is1) (Version: + Dragonfall v1.2.0 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-363858802-2581318266-289504888-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {094A0E54-9DC6-45CC-A60C-FDC9B54BF9C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {4BEBAA95-5126-411F-892E-29B57B48BC21} - System32\Tasks\{C635E8B7-B3CD-4DB0-AE90-81D3E849EF0D} => pcalua.exe -a C:\Users\Nat\AppData\Local\Temp\Temp1_FWRT54G-TM_SetupWizard1.6.zip\WRT54G-TMSetupWizard1.6\SetupWizard.exe <==== ATTENTION
Task: {4E11D0FD-4B62-457A-B148-8BD91C7BA6D4} - System32\Tasks\{7528B3A3-2F54-4BBC-B864-4E769971A01E} => pcalua.exe -a C:\Users\Nat\Documents\MX_dreamweaver6-setup.exe -d C:\Users\Nat\Documents
Task: {5E7D6210-ED2B-4E61-B314-211153FD4751} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {85425A3E-CFA9-48D1-91F3-E2E7A3448B4B} - System32\Tasks\{0F19B017-8A98-4BE7-9CF5-1C1DA55F2619} => pcalua.exe -a C:\Users\Nat\Desktop\win7_64_1512754.exe -d C:\Users\Nat\Desktop
Task: {97BC1343-10AC-4C87-B3AE-C35E2EC0F703} - System32\Tasks\AdobeAAMUpdater-1.0-Compy3000-Nat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {BD004557-B3C4-425D-92B4-57FA0D694E97} - System32\Tasks\{3D0C4F5A-2D43-47E3-A67F-F5BF9765F0F6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {C0BD6BAC-E37C-478C-9CA5-B4814FA46464} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E714576E-E7E9-425B-AB0A-9ECFC9EE1715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E9CE7D90-ECC7-45D8-AC6D-4EDBB4328A67} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Nat\AppData\Local\Microsoft\Windows\GameExplorer\{4922F54F-AE3E-46F7-8DD1-26BE8BDAF64D}\SupportTasks\1\Support.lnk -> hxxp://www.sierra.com/support/
Shortcut: C:\Users\Nat\AppData\Local\Microsoft\Windows\GameExplorer\{4922F54F-AE3E-46F7-8DD1-26BE8BDAF64D}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.pharaoh1.com/intro_index.shtml/
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-16 08:06 - 2014-07-16 08:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-12-08 03:10 - 2014-12-08 03:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-21 06:26 - 2009-07-24 11:29 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 19:56 - 2016-03-18 19:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-08 16:49 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 16:49 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-01-16 08:34 - 2015-01-16 08:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-03-21 06:26 - 00000888 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       PLTPC33367A.ITSDO.SBC.COM # LMS GENERATED LINE
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-363858802-2581318266-289504888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BCE0FA47-F121-4F85-B821-FEB7E0E86D03}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{5C50A118-56F5-4740-88D1-75564DCE8E12}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{479A0358-EE66-45C6-8BC7-A97EF9D24B7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{E40F08F6-A0FA-4E0D-920E-7D68A96CF148}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{948B4139-377A-4ACB-A9E3-A16CCAE2827E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAA78AD8-86C0-4C92-9CA8-79C81F5B3C75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C09D935-D689-4E97-BAA0-4D32AA3E6F19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B254C41E-A7BB-48A2-A797-B28210BBC1F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5C71DF14-34C4-48CB-97F9-4AD88EE26920}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe
FirewallRules: [UDP Query User{E28129BE-04E7-4F7C-86B7-EC2E1C2390F0}C:\program files (x86)\ea games\american mcgee's alice\alice.exe] => (Allow) C:\program files (x86)\ea games\american mcgee's alice\alice.exe
FirewallRules: [{0877123F-D838-4686-AC7D-CD1EBDA6EB0B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9FDD8FB9-6601-4BEC-9C2C-120DD9BCE3F8}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{2AE4ED55-8986-4C33-AFD0-8DD987A891D8}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{95FC2AA8-5F62-41E5-BB2C-756B8662E577}C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe] => (Block) C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{C070B6A6-2E96-4EDF-B55B-8B1E3698A78D}C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe] => (Block) C:\users\nat\desktop\a cool philosophical game\the stanley parable\stanley.exe
FirewallRules: [{E2B30718-BE02-46E5-B996-583EE0B3D87F}] => (Allow) C:\Program Files (x86)\Origin Games\Bookworm Deluxe\Bookworm.exe
FirewallRules: [{F6541678-EE2A-42DD-81EF-475C7B708C19}] => (Allow) C:\Program Files (x86)\Origin Games\Bookworm Deluxe\Bookworm.exe
FirewallRules: [TCP Query User{FA64E88C-4147-4969-A07A-61DF9C70E9D6}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{4B3A002C-4FB1-4908-AF59-FC646D7CD8FD}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{BBEC80E2-F5F0-4778-B37E-EEABFA416B48}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{17D91D0A-258F-4153-9032-68F36ABE15F9}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{8C8617F3-E0F7-4C8C-8ED8-7C66C24D85C9}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{5D4F67E1-4694-4403-B90C-42858BDA2915}C:\program files (x86)\shadowrun returns\shadowrun.exe] => (Block) C:\program files (x86)\shadowrun returns\shadowrun.exe
FirewallRules: [{8A9A1FC1-C90E-4139-9D9E-36D2A62C5B41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AAD39B3-01D3-4C05-8F08-A135E19CD269}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4FE136B-BBEF-40A9-8800-AC0C41CB7256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0FA56742-3946-42AB-BB79-BC4A8BF760E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC051F7F-4831-4A7D-BCE0-4037066FD848}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0BC144DB-4F1D-4879-9165-1173B7BF39D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-08-2016 12:51:54 Windows Update
12-08-2016 03:00:30 Windows Update
17-08-2016 03:00:32 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2016 06:38:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8518
 
Error: (08/19/2016 06:38:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8518
 
Error: (08/19/2016 06:38:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/19/2016 06:38:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7395
 
Error: (08/19/2016 06:38:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7395
 
Error: (08/19/2016 06:38:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/19/2016 06:38:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6365
 
Error: (08/19/2016 06:38:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6365
 
Error: (08/19/2016 06:38:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/19/2016 06:38:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5367
 
 
System errors:
=============
Error: (08/15/2016 06:15:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.225.3926.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/15/2016 06:15:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.225.3926.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/12/2016 03:31:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (08/12/2016 03:29:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet Monitoring Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/12/2016 03:29:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet Monitoring Service service to connect.
 
Error: (08/12/2016 03:29:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/12/2016 03:29:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
 
Error: (08/12/2016 03:28:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
 
Error: (07/30/2016 12:08:06 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006653660, 0xfffff800040054d0)C:\Windows\MEMORY.DMP073016-23774-01
 
Error: (07/30/2016 12:08:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:06:09 PM on 7/30/2016 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 28%
Total physical RAM: 8063.25 MB
Available physical RAM: 5731.16 MB
Total Virtual: 16124.68 MB
Available Virtual: 11273.36 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:698.54 GB) (Free:524.54 GB) NTFS
Drive l: (System) (Fixed) (Total:0.09 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 843CCCC5)
Partition 1: (Active) - (Size=95 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13 TsVk!

Posted 26 August 2016 - 12:54 AM

Hi sth0,

 
You may choose to print these instructions out to make it easier for yourself.

Please check your installed programs; if these appear in the list, please uninstall them:

  • Youtube Ad Blocker
  • Poppit!

Then...
 
Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=1691&r=2013/12/04&hid=8648821454365672047&lg=EN&cc=US&unqvl=42
FF SearchPlugin: C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\searchplugins\WebSearch.xml [2014-05-21]
FF Extension: YoutubeAdblocker - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\m6ozom06.default\Extensions\okc5lzjm@ay-.net [2013-12-04] [not signed]
CHR Plugin: (Shockwave Flash) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (YoutubeBookmark) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfghhmdhdkjfepgbpffpbpkckeliepnb [2013-12-03]
CHR Extension: (Poppit!) - C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-16]
CustomCLSID: HKU\S-1-5-21-363858802-2581318266-289504888-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
Task: {4BEBAA95-5126-411F-892E-29B57B48BC21} - System32\Tasks\{C635E8B7-B3CD-4DB0-AE90-81D3E849EF0D} => pcalua.exe -a C:\Users\Nat\AppData\Local\Temp\Temp1_FWRT54G-TM_SetupWizard1.6.zip\WRT54G-TMSetupWizard1.6\SetupWizard.exe <==== ATTENTION
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Please note the removal log.

Please download AdwCleaner and save to your Desktop. (if you have removed your previous copy)

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click Clean
  • Click on the Report button...a logfile will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool, or you can save it to the desktop to be easily found for your reply.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open. Note the saved JRT.txt on your desktop to copy into your reply.

Please download rKill to your desktop.

  • Right click the file > Run As Administrator.
  • If you have any difficulty running the tool, please use an alternative from this page.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Now let's look at your mouse.

 

Please unplug both your mouse and keyboard. Wait about 30 seconds and re-insert them. Does the problem resolve?

 

if not...

 

Do you have another mouse and keyboard you can try? Does the problem resolve?

 

if not...

 

Please remove the keyboard driver and then the mouse driver, then unplug both devices from your machine. Press the power button to shut down. When you boot your machine again please let it get to the login page before re-attaching the devices. Does the mouse work correctly now?

 

If not please let me know the manufacturer and model of your PC.

 
 
Please include these in your reply.

  • fixlog from FRST
  • log from AdwCleaner
  • log from JRT
  • mouse problem resolved?
  • machine behavior now?

 
TsVk!



#14 TsVk!

Posted 29 August 2016 - 04:11 PM

Hi sth0,

 

It's been more than 3 days, do you still require assistance?

 

Please reply or this thread may be closed in 2 days.

 

TsVk!



#15 Oh My!

Posted 31 August 2016 - 04:39 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 