Windows 7 hacked

  • j_c1222
    PCHF Member
    • Nov 2016
    • 14

    #1

    Windows 7 hacked

    I’ve been hacked and am having some issues with my laptop. I ran a lot of antivirus software months ago and did a fresh os install, but am still having issues.

    Someone is changing my ability to format in word. Instead of typing in a usual line, it types each word below the previous word and then shifts it up afterwards.

    When I play League of Legends, the information bar down the bottom can get blurred and covered up.

    Not sure what to do, any help would be appreciated
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #2
    Welcome To PCHF.

    Instructions Part 1 Diagnostic Scan With FRST:

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    Once downloaded, right-click the FRST desktop icon and select “Run as administrator” from the menu.

    https://www.pchelpforum.net/attachments/icon2-jpg.112/

    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes; accept the disclaimer.

    https://www.pchelpforum.net/attachme...aimer-jpg.113/
    1. Accept the default whitelist options.
    2. If the Addition.txt options box is not checked, please select it.
    3. Then select “Scan”.

    https://www.pchelpforum.net/attachments/frst-jpg.114/

    FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.

    https://www.pchelpforum.net/attachme...52002-jpg.115/

    Please Copy and Paste the contents of these logs in your next post for review by our Security Team


    • j_c1222
      PCHF Member
      • Nov 2016
      • 14

      #3
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-11-2016
      Ran by Cheryl’s (06-11-2016 15:24:18)
      Running from C:\Users\Cheryl’s\Desktop
      Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-07-22 05:28:50)
      Boot Mode: Normal

      ==================== Accounts: =============================

      Administrator (S-1-5-21-132226090-40037206-190124982-500 - Administrator - Disabled)
      Cheryl’s (S-1-5-21-132226090-40037206-190124982-1000 - Administrator - Enabled) => C:\Users\Cheryl’s
      Guest (S-1-5-21-132226090-40037206-190124982-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-132226090-40037206-190124982-1000...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
      Adobe Acrobat Reader DC (HKLM...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
      AMD Catalyst Install Manager (HKLM...{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
      Apple Application Support (32-bit) (HKLM...{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
      Apple Mobile Device Support (HKLM...{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
      Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
      Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
      Broadcom 802.11 Wireless LAN Adapter (HKLM...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
      Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
      Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
      Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
      ePub Reader for Windows version 5.3 (HKLM...{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
      Google Chrome (HKLM...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
      Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
      Gpg4win (2.3.2) (HKLM...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
      HP Support Solutions Framework (HKLM...{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
      IDT Audio (HKLM...{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
      Intel(R) Display Audio Driver (HKLM...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM...{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
      iTunes (HKLM...{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
      Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Maple 2015 (HKLM...\Maple 2015) (Version: 2015 - Maplesoft)
      Microsoft .NET Framework 4.5.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM...{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Mozilla Firefox 49.0.2 (x86 en-GB) (HKLM...\Mozilla Firefox 49.0.2 (x86 en-GB)) (Version: 49.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 49.0.2 - Mozilla)
      MPC-HC 1.7.10 (HKLM...{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
      PlaysTV (HKLM...\PlaysTV) (Version: 1.16.3-r117977-trunk - Plays.tv, LLC)
      Potplayer (HKLM...\PotPlayer) (Version: - Kakao Corp.)
      PX Profile Update (Version: 1.00.1. - AMD) Hidden
      Raptr (HKLM...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
      Realtek Ethernet Controller Driver (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
      Realtek PCIE Card Reader (HKLM...{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
      Synaptics TouchPad Driver (HKLM...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
      VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
      VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
      WinDirStat 1.1.2 (HKU\S-1-5-21-132226090-40037206-190124982-1000...\WinDirStat) (Version: - )
      WinPcap 4.1.3 (HKLM...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
      Wireshark 2.2.1 (32-bit) (HKLM...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {00CD3D72-1071-485C-95C5-5F825C52F534} - System32\Tasks{00C9150D-D9B1-4577-97FA-00F48424807A} => pcalua.exe -a C:\Users\Cheryl’s\Documents\sp54841.exe -d C:\Users\Cheryl’s\Documents
      Task: {28A91346-8F34-423C-A491-C0B25D298C79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
      Task: {635A2D1F-E105-4942-9F36-2A227E99C4B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
      Task: {72B617A2-8660-476D-955C-348D996F925C} - System32\Tasks\HPCeeScheduleForCheryl’s => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
      Task: {787473E9-9F45-4087-BB1B-BF9FDD6ACBF3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
      Task: {C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
      Task: {C8DB2471-C01B-4653-8A87-470B1D756C6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
      Task: {D85A20A8-2762-4AC9-A11D-66A81BE3E913} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\HPCeeScheduleForCheryl’s.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2016-07-05 16:24 - 2016-07-05 16:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2016-07-05 16:23 - 2016-07-05 16:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2016-07-05 21:50 - 2016-07-05 21:50 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
      2016-07-05 21:38 - 2016-07-05 21:38 - 00222720 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
      2016-07-05 21:32 - 2016-07-05 21:32 - 00103424 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
      2016-07-05 21:27 - 2016-07-05 21:27 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
      2016-07-05 21:38 - 2016-07-05 21:38 - 00073728 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
      2016-07-05 21:41 - 2016-07-05 21:41 - 00750592 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll
      2016-09-14 07:07 - 2016-09-14 07:07 - 00033280 _____ () C:\Program Files\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
      2016-08-16 09:38 - 2016-08-16 09:38 - 00103424 _____ () C:\Program Files\Raptr Inc\PlaysTV\win32api.pyd
      2016-01-12 09:11 - 2016-01-12 09:11 - 00111616 _____ () C:\Program Files\Raptr Inc\PlaysTV\pywintypes35.dll
      2016-08-16 09:38 - 2016-08-16 09:38 - 00041984 _____ () C:\Program Files\Raptr Inc\PlaysTV\win32process.pyd
      2016-01-12 09:12 - 2016-01-12 09:12 - 00405504 _____ () C:\Program Files\Raptr Inc\PlaysTV\pythoncom35.dll
      2016-08-16 09:38 - 2016-08-16 09:38 - 00173568 _____ () C:\Program Files\Raptr Inc\PlaysTV\win32gui.pyd
      2016-08-16 09:33 - 2016-08-16 09:33 - 01934336 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
      2016-08-16 09:33 - 2016-08-16 09:33 - 00077824 _____ () C:\Program Files\Raptr Inc\PlaysTV\sip.pyd
      2016-08-16 09:33 - 2016-08-16 09:33 - 01780736 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
      2016-08-16 09:33 - 2016-08-16 09:33 - 00505856 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
      2016-08-16 09:33 - 2016-08-16 09:33 - 03812864 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00087040 _____ () C:\Program Files\Raptr Inc\Raptr_ctypes.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00043008 _____ () C:\Program Files\Raptr Inc\Raptr_socket.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00805376 _____ () C:\Program Files\Raptr Inc\Raptr_ssl.pyd
      2014-05-14 10:26 - 2014-05-14 10:26 - 05812736 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtGui.pyd
      2014-05-14 10:26 - 2014-05-14 10:26 - 00067584 _____ () C:\Program Files\Raptr Inc\Raptr\sip.pyd
      2014-05-14 10:26 - 2014-05-14 10:26 - 01662464 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtCore.pyd
      2014-05-14 10:26 - 2014-05-14 10:26 - 00494592 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
      2010-11-23 09:57 - 2010-11-23 09:57 - 00096256 _____ () C:\Program Files\Raptr Inc\Raptr\win32api.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00110592 _____ () C:\Program Files\Raptr Inc\Raptr\pywintypes26.dll
      2010-11-23 09:56 - 2010-11-23 09:56 - 00010240 _____ () C:\Program Files\Raptr Inc\Raptr\select.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00356864 _____ () C:\Program Files\Raptr Inc\Raptr_hashlib.pyd
      2010-11-23 09:57 - 2010-11-23 09:57 - 00036352 _____ () C:\Program Files\Raptr Inc\Raptr\win32process.pyd
      2010-11-23 09:57 - 2010-11-23 09:57 - 00111104 _____ () C:\Program Files\Raptr Inc\Raptr\win32file.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00044544 _____ () C:\Program Files\Raptr Inc\Raptr_sqlite3.pyd
      2011-02-16 05:17 - 2011-02-16 05:17 - 00417501 _____ () C:\Program Files\Raptr Inc\Raptr\sqlite3.dll
      2010-11-23 09:57 - 2010-11-23 09:57 - 00167936 _____ () C:\Program Files\Raptr Inc\Raptr\win32gui.pyd
      2014-05-14 10:26 - 2014-05-14 10:26 - 00313856 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00127488 _____ () C:\Program Files\Raptr Inc\Raptr\pyexpat.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00009216 _____ () C:\Program Files\Raptr Inc\Raptr\winsound.pyd
      2015-10-22 07:29 - 2015-10-22 07:29 - 00113171 _____ () C:\Program Files\Raptr Inc\Raptr\libvlc.dll
      2015-10-22 07:29 - 2015-10-22 07:29 - 02396691 _____ () C:\Program Files\Raptr Inc\Raptr\libvlccore.dll
      2010-11-23 09:56 - 2010-11-23 09:56 - 00583680 _____ () C:\Program Files\Raptr Inc\Raptr\unicodedata.pyd
      2010-11-23 09:56 - 2010-11-23 09:56 - 00324608 _____ () C:\Program Files\Raptr Inc\Raptr\PIL._imaging.pyd
      2015-06-27 10:09 - 2015-06-27 10:09 - 00271872 _____ () C:\Program Files\Raptr Inc\Raptr\amd_ags.dll
      2010-11-23 09:57 - 2010-11-23 09:57 - 00141312 _____ () C:\Program Files\Raptr Inc\Raptr\gobject._gobject.pyd
      2016-04-20 04:08 - 2016-04-20 04:08 - 02717595 _____ () C:\Program Files\Raptr Inc\Raptr\heliotrope._purple.pyd
      2011-02-16 05:17 - 2011-02-16 05:17 - 01213633 _____ () C:\Program Files\Raptr Inc\Raptr\libxml2-2.dll
      2010-11-23 10:06 - 2010-11-23 10:06 - 00055808 _____ () C:\Program Files\Raptr Inc\Raptr\zlib1.dll
      2013-05-10 10:52 - 2013-05-10 10:52 - 00495680 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libaim.dll
      2013-05-10 10:52 - 2013-05-10 10:52 - 01183699 _____ () C:\Program Files\Raptr Inc\Raptr\liboscar.dll
      2013-05-10 10:52 - 2013-05-10 10:52 - 00483306 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libicq.dll
      2013-05-04 05:57 - 2013-05-04 05:57 - 00655356 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libirc.dll
      2013-05-04 05:56 - 2013-05-04 05:56 - 01306387 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libmsn.dll
      2013-05-04 05:56 - 2013-05-04 05:56 - 00565461 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libxmpp.dll
      2013-05-04 05:57 - 2013-05-04 05:57 - 01640221 _____ () C:\Program Files\Raptr Inc\Raptr\libjabber.dll
      2013-05-04 05:56 - 2013-05-04 05:56 - 00506276 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libyahoo.dll
      2013-05-04 05:57 - 2013-05-04 05:57 - 01053730 _____ () C:\Program Files\Raptr Inc\Raptr\libymsg.dll
      2013-05-04 05:57 - 2013-05-04 05:57 - 00497782 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libyahoojp.dll
      2013-05-04 05:57 - 2013-05-04 05:57 - 00603326 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\ssl-nss.dll
      2013-05-04 05:57 - 2013-05-04 05:57 - 00474199 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\ssl.dll
      2016-09-20 15:22 - 2016-09-20 15:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll
      2016-09-20 15:22 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
      2016-11-02 20:25 - 2016-11-02 20:25 - 17771200 _____ () C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 13:04 - 2009-06-11 08:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-132226090-40037206-190124982-1000\Control Panel\Desktop\Wallpaper →
      DNS Servers: 192.168.2.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{90B0CB85-5429-4221-AEF6-7E5321CE191B}] => (Allow) C:\Users\Cheryl’s\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{E8AD40AF-DAD4-406C-97D9-DB88123B9726}] => (Allow) C:\Users\Cheryl’s\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{598C0EF4-9452-407B-BA2F-1233F73BCE47}] => (Allow) C:\Users\Cheryl’s\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{57E54D07-4F63-4266-B99E-250558AA7F6F}] => (Allow) C:\Users\Cheryl’s\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{5CADCB09-9DCD-4440-85A8-3BA3BCCF0CCC}] => (Allow) C:\Users\Cheryl’s\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{7B5A04E6-E25B-48ED-9F00-AD06F0789FA6}] => (Allow) C:\Users\Cheryl’s\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{1D4AAF67-8331-450D-ADE6-990EB74B09AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{39FE57D9-8402-4B94-B776-8FF16B4BEE94}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
      FirewallRules: [UDP Query User{9003D6C2-7436-4381-B2AB-0D866C815DDB}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
      FirewallRules: [{63592DB6-769E-494B-877A-73546B38314F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{CDE132CF-90AF-4F44-804C-5C6E8FA29BA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{5DD29B9C-3CAC-4175-8EF4-6C1A38B001EA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
      FirewallRules: [TCP Query User{45B3521A-855D-4E0D-8225-B47CA1B61063}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
      FirewallRules: [UDP Query User{270F02CC-4E85-4CC0-BBAE-CA4C67F9297A}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
      FirewallRules: [{AFA6411C-3E37-44E1-98A2-3F780BA8AE13}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
      FirewallRules: [{B9EDFAAA-AA5A-4F7A-8B37-DBDAA62F708D}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
      FirewallRules: [{43A298BF-BEA0-45B9-901C-BD9A16AA3598}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
      FirewallRules: [{9A18AB4F-E16C-4F88-B228-EB471BB4BFD3}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
      FirewallRules: [{7303DC4B-F97D-4423-9360-8F1838C14589}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [{6122A876-6D11-4E1E-8CA0-AC2672CA2EDE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{87696CD9-D48B-44A4-84D4-86E54646E2B7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{3741C776-F5B4-467A-92C2-07D347A0F801}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
      FirewallRules: [{D4984AE6-D2D0-4B61-BCE8-251C61B82FC0}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe

      ==================== Restore Points =========================

      17-10-2016 00:06:09 Scheduled Checkpoint
      21-10-2016 16:31:08 JRT Pre-Junkware Removal
      21-10-2016 21:58:44 Removed HP Support Assistant.
      04-11-2016 00:38:24 Scheduled Checkpoint
      04-11-2016 20:38:52 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
      06-11-2016 08:47:23 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
      06-11-2016 09:27:59 Windows Update

      ==================== Faulty Device Manager Devices =============

      Name: BCM20702A0
      Description: BCM20702A0
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

      Name: PCI Simple Communications Controller
      Description: PCI Simple Communications Controller
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

      Name: AMD Radeon HD 7400M Series
      Description: AMD Radeon HD 7400M Series
      Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
      Manufacturer: Advanced Micro Devices, Inc.
      Service: amdkmdap
      Problem: : Windows has stopped this device because it has reported problems. (Code 43)
      Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

      Name: SM Bus Controller
      Description: SM Bus Controller
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

      ==================== Event log errors: =========================

      Application errors:

      Error: (11/06/2016 02:12:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 3207771

      Error: (11/06/2016 02:12:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 3207771

      Error: (11/06/2016 02:12:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/06/2016 02:12:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 3206679

      Error: (11/06/2016 02:12:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 3206679

      Error: (11/06/2016 02:12:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/06/2016 02:12:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 13525

      Error: (11/06/2016 02:12:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 13525

      Error: (11/06/2016 01:19:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/04/2016 08:37:37 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Faulting application name: RIconMan.exe, version: 1.3.9.1, time stamp: 0x4e5df0a1
      Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
      Exception code: 0xc0000005
      Fault offset: 0x00000000
      Faulting process id: 0x1434
      Faulting application start time: 0x01d2367f0d94c144
      Faulting application path: C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      Faulting module path: unknown
      Report Id: 521d3160-a272-11e6-b797-101f74b16e49

      System errors:

      Error: (11/06/2016 09:33:38 AM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 9:31:11 AM on ‎6/‎11/‎2016 was unexpected.

      Error: (11/06/2016 08:13:25 AM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 8:11:27 AM on ‎6/‎11/‎2016 was unexpected.

      Error: (11/06/2016 04:21:36 AM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 9:43:18 PM on ‎4/‎11/‎2016 was unexpected.

      Error: (11/04/2016 08:34:26 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 3:56:38 AM on ‎4/‎11/‎2016 was unexpected.

      Error: (11/03/2016 11:57:46 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 11:56:06 PM on ‎3/‎11/‎2016 was unexpected.

      Error: (11/03/2016 11:39:14 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 11:35:36 PM on ‎3/‎11/‎2016 was unexpected.

      Error: (11/03/2016 11:14:44 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 11:13:06 PM on ‎3/‎11/‎2016 was unexpected.

      Error: (11/03/2016 11:08:14 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 11:02:54 PM on ‎3/‎11/‎2016 was unexpected.

      Error: (11/03/2016 10:54:02 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 10:19:58 PM on ‎3/‎11/‎2016 was unexpected.

      Error: (11/03/2016 08:42:18 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 12:45:13 AM on ‎3/‎11/‎2016 was unexpected.

      ==================== Memory info ===========================

      Processor: Intel(R) Core™ i5-2430M CPU @ 2.40GHz
      Percentage of memory in use: 68%
      Total physical RAM: 2509.86 MB
      Available physical RAM: 788.07 MB
      Total Virtual: 5018.04 MB
      Available Virtual: 2042.48 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:576.66 GB) (Free:176.4 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (Recovery) (Fixed) (Total:15.34 GB) (Free:1.7 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
      Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7C9631CA)
      Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=576.7 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

      ==================== End of Addition.txt ============================

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-11-2016
      Ran by Cheryl’s (administrator) on CHERYLS-PC (06-11-2016 15:23:54)
      Running from C:\Users\Cheryl’s\Desktop
      Loaded Profiles: Cheryl’s (Available Profiles: Cheryl’s)
      Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AMD) C:\Windows\System32\atiesrxx.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
      (Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      () C:\Program Files\GNU\GnuPG\dirmngr.exe
      (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
      (Copyright (c) 2016 Plays.tv, LLC) C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe
      (Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
      (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
      (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Raptr, Inc) C:\Program Files\Raptr Inc\Raptr\raptr.exe
      (Raptr, Inc) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
      HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
      HKLM\...\Run: [Raptr] => C:\Program Files\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-29] (Raptr, Inc)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2016-09-20] (IDT, Inc.)
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-10-01] (Synaptics Incorporated)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-07-31] (Microsoft Corporation)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
      Tcpip\..\Interfaces\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1

      Internet Explorer:

      FireFox:
      FF DefaultProfile: vuj5uyzl.default
      FF ProfilePath: C:\Users\Cheryl’s\AppData\Roaming\Mozilla\Firefox\Profiles\vuj5uyzl.default [2016-11-03]
      FF Plugin: @Apple.com/iTunes,version=1.0 → C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
      FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
      FF Plugin: Adobe Reader → C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

      Chrome:
      CHR HomePage: Default → hxxps://www.facebook.com/
      CHR StartupUrls: Default → “hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU..”
      CHR Session Restore: Default → is enabled.
      CHR Profile: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
      CHR Extension: (Google Slides) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-22]
      CHR Extension: (Google Docs) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-22]
      CHR Extension: (Google Drive) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-22]
      CHR Extension: (YouTube) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-22]
      CHR Extension: (Google Cast) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-09-30]
      CHR Extension: (LoL Stream Browser) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2016-07-22]
      CHR Extension: (Google Sheets) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-22]
      CHR Extension: (Google Docs Offline) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-28]
      CHR Extension: (AdBlock) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
      CHR Extension: (Reddit Enhancement Suite) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
      CHR Extension: (Google Dictionary (by Google)) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-07-22]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-22]
      CHR Extension: (Hover Zoom) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-08-16]
      CHR Extension: (Gmail) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-22]
      CHR Extension: (Chrome Media Router) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
      CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
      R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
      R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1796200 2016-09-20] (Realsil Microelectronics Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
      R2 PlaysService; C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe [54544 2016-11-04] (Copyright (c) 2016 Plays.tv, LLC)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2016-09-20] (IDT, Inc.)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S3 rpcapd; “%ProgramFiles%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles%\WinPcap\rpcapd.ini”

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-06] (Malwarebytes)
      S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
      S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
      S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254568 2016-09-20] (Realtek Semiconductor Corp.)
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
      S3 tsusbhub; system32\drivers\tsusbhub.sys
      S3 VGPU; System32\drivers\rdvgkmd.sys

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-11-06 15:16 - 2016-11-06 15:24 - 00010819 _____ C:\Users\Cheryl’s\Desktop\FRST.txt
      2016-11-06 15:16 - 2016-11-06 15:23 - 00000000 ____D C:\FRST
      2016-11-06 15:15 - 2016-11-06 15:15 - 01759744 _____ (Farbar) C:\Users\Cheryl’s\Desktop\FRST.exe
      2016-11-06 13:09 - 2016-11-06 14:36 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Hotelier - Goodness (2016) [16.44 FLAC]
      2016-11-06 13:09 - 2016-11-06 14:23 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Nothing - Tired Of Tomorrow [Deluxe Version] (2016)
      2016-11-06 13:09 - 2016-11-06 13:15 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Aesop Rock - The Impossible Kid (2016) [MP3~320kbps]~[Hunter] [FRG]
      2016-11-06 13:09 - 2016-11-06 13:13 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Denzel Curry - Imperial-2016-MIXFIEND
      2016-11-06 13:09 - 2016-11-06 13:12 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Radical Face
      2016-11-06 13:09 - 2016-11-06 13:09 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Car Seat Headrest
      2016-11-06 11:44 - 2016-11-06 11:46 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Radiohead A Moon Shaped Pool [2016] 320
      2016-11-06 11:44 - 2016-11-06 11:44 - 00000000 ____D C:\Users\Cheryl’s\Downloads\N64
      2016-11-06 09:02 - 2016-11-06 09:02 - 00645729 _____ (WDS Team) C:\Users\Cheryl’s\Downloads\windirstat1_1_2_setup.exe
      2016-11-06 09:02 - 2016-11-06 09:02 - 00000985 _____ C:\Users\Cheryl’s\Desktop\WinDirStat.lnk
      2016-11-06 09:02 - 2016-11-06 09:02 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
      2016-11-06 09:02 - 2016-11-06 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
      2016-11-06 09:02 - 2016-11-06 09:02 - 00000000 ____D C:\Program Files\WinDirStat
      2016-11-06 08:50 - 2016-11-06 08:51 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Wireshark
      2016-11-06 08:48 - 2016-11-06 08:48 - 00001935 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
      2016-11-06 08:48 - 2016-11-06 08:48 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
      2016-11-06 08:48 - 2016-11-06 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
      2016-11-06 08:48 - 2016-11-06 08:48 - 00000000 ____D C:\Program Files\WinPcap
      2016-11-06 08:46 - 2016-11-06 08:49 - 00000000 ____D C:\Program Files\Wireshark
      2016-11-06 08:45 - 2016-11-06 08:46 - 44390576 _____ (Wireshark development team) C:\Users\Cheryl’s\Downloads\Wireshark-win32-2.2.1.exe
      2016-11-06 07:42 - 2016-11-06 07:56 - 00000000 ____D C:\Users\Cheryl’s\Downloads\ta-ku - 2012 - re-twerk (320)
      2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Cheryl’s\.QtWebEngineProcess
      2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Cheryl’s\.Plays.tv
      2016-11-04 20:37 - 2016-11-04 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
      2016-11-02 20:24 - 2016-11-02 21:01 - 00000000 ____D C:\Users\Cheryl’s\AppData\Local\Mozilla
      2016-11-02 20:24 - 2016-11-02 20:55 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Mozilla
      2016-11-02 20:23 - 2016-11-02 20:23 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2016-11-02 20:23 - 2016-11-02 20:23 - 00001101 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      2016-11-02 20:23 - 2016-11-02 20:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
      2016-11-02 20:23 - 2016-11-02 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
      2016-11-02 20:20 - 2016-11-02 20:20 - 00243464 _____ C:\Users\Cheryl’s\Documents\Firefox Setup Stub 49.0.2.exe
      2016-10-23 12:07 - 2016-10-23 12:07 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Bon Iver - 22, A Million
      2016-10-23 11:33 - 2016-10-23 11:35 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Clams.Casino-32.Levels-2016-C4
      2016-10-23 11:01 - 2016-11-06 12:56 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Parks and Recreation - Season 2
      2016-10-23 11:01 - 2016-10-23 11:34 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Parks and Recreation - Season 5
      2016-10-23 11:01 - 2016-10-23 11:03 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Parks and Recreation - Season 1
      2016-10-23 11:00 - 2016-10-23 11:33 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Parks and Recreation - Season 4
      2016-10-23 11:00 - 2016-10-23 11:33 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Parks and Recreation - Season 3
      2016-10-21 22:02 - 2016-10-21 22:02 - 00000000 ____D C:\Windows\system32\appmgmt
      2016-10-21 16:48 - 2016-10-21 18:04 - 00000000 ____D C:\ProgramData\HitmanPro
      2016-10-21 16:44 - 2016-10-21 18:03 - 00000000 ____D C:\Users\Cheryl’s\Desktop\malware scan logfiles
      2016-10-21 16:30 - 2016-10-21 16:31 - 11003784 _____ (SurfRight B.V.) C:\Users\Cheryl’s\Documents\HitmanPro.exe
      2016-10-21 16:01 - 2016-10-21 16:02 - 03910208 _____ C:\Users\Cheryl’s\Documents\adwcleaner_6.030.exe
      2016-10-21 15:23 - 2016-11-06 09:34 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2016-10-21 15:22 - 2016-10-21 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
      2016-10-21 15:22 - 2016-10-21 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
      2016-10-21 15:22 - 2016-10-21 15:22 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
      2016-10-21 15:22 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
      2016-10-21 15:22 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
      2016-10-21 15:22 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2016-10-20 19:58 - 2016-10-20 19:58 - 22851472 _____ (Malwarebytes ) C:\Users\Cheryl’s\Documents\mbam-setup-2.2.1.1043.exe
      2016-10-20 19:58 - 2016-10-20 19:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Cheryl’s\Documents\rkill.com
      2016-10-20 19:57 - 2016-10-20 19:58 - 01631928 _____ (Malwarebytes) C:\Users\Cheryl’s\Documents\JRT.exe
      2016-10-19 21:25 - 2016-10-19 21:25 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Synaptics
      2016-10-19 21:25 - 2016-10-19 21:25 - 00000000 ____D C:\ProgramData\Synaptics
      2016-10-19 18:12 - 2016-10-19 18:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2016-10-19 18:12 - 2016-10-19 18:12 - 00000000 ____D C:\Program Files\Synaptics
      2016-10-18 13:23 - 2016-10-18 13:25 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Sacks, Oliver
      2016-10-17 15:07 - 2016-10-17 15:27 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Psychology ebooks collection
      2016-10-16 17:48 - 2016-10-18 16:57 - 00000000 ____D C:\Users\Cheryl’s\AppData\Local\ERW
      2016-10-16 17:48 - 2016-10-16 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub Reader
      2016-10-16 17:48 - 2016-10-16 17:48 - 00000000 ____D C:\Program Files\ePub Reader for Windows
      2016-10-16 17:44 - 2016-10-17 15:21 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Myers’ Psychology for AP (2nd Ed)
      2016-10-16 17:44 - 2016-10-17 15:08 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Brian Tracy - Psychology of Achievement & Success
      2016-10-16 17:44 - 2016-10-17 15:06 - 00000000 ____D C:\Users\Cheryl’s\Downloads\50 Psychology Classics
      2016-10-16 17:44 - 2016-10-16 17:58 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Essentials of Understanding Psychology (11th Ed)
      2016-10-16 17:44 - 2016-10-16 17:50 - 04397263 _____ C:\Users\Cheryl’s\Downloads\The Cambridge Handbook of Personality Psychology.pdf
      2016-10-16 17:44 - 2016-10-16 17:46 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Psych 101 Psychology Facts, Basics, Statistics, Tests, and More! by Paul Kleinman
      2016-10-14 19:29 - 2016-10-14 19:30 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Youre.the.Worst.S03E06.HDTV.x264-FUM[ettv]
      2016-10-13 23:07 - 2016-10-13 23:15 - 00000000 ____D C:\Users\Cheryl’s\Downloads\[www.torrenting.com] - Youre.the.Worst.S03E07.HDTV.x264-FLEET
      2016-10-13 23:06 - 2016-10-13 23:10 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Atlanta.S01E07.PROPER.HDTV.x264-KILLERS[ettv]
      2016-10-13 03:22 - 2016-11-06 09:34 - 00000021 _____ C:\Windows\S.dirmngr
      2016-10-12 13:24 - 2016-10-01 06:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2016-10-12 13:24 - 2016-10-01 02:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2016-10-12 13:24 - 2016-10-01 02:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2016-10-12 13:24 - 2016-09-30 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2016-10-12 13:24 - 2016-09-30 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2016-10-12 13:24 - 2016-09-30 16:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2016-10-12 13:24 - 2016-09-30 16:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2016-10-12 13:24 - 2016-09-30 16:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2016-10-12 13:24 - 2016-09-30 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2016-10-12 13:24 - 2016-09-30 16:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2016-10-12 13:24 - 2016-09-30 16:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2016-10-12 13:24 - 2016-09-30 16:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2016-10-12 13:24 - 2016-09-30 16:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2016-10-12 13:24 - 2016-09-30 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2016-10-12 13:24 - 2016-09-30 16:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2016-10-12 13:24 - 2016-09-30 16:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2016-10-12 13:24 - 2016-09-30 16:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2016-10-12 13:24 - 2016-09-30 16:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2016-10-12 13:24 - 2016-09-30 16:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2016-10-12 13:24 - 2016-09-30 16:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2016-10-12 13:24 - 2016-09-30 16:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2016-10-12 13:24 - 2016-09-30 16:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2016-10-12 13:24 - 2016-09-30 16:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2016-10-12 13:24 - 2016-09-30 16:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2016-10-12 13:24 - 2016-09-30 16:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2016-10-12 13:24 - 2016-09-30 16:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2016-10-12 13:24 - 2016-09-30 16:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2016-10-12 13:24 - 2016-09-30 16:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2016-10-12 13:24 - 2016-09-30 16:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2016-10-12 13:24 - 2016-09-30 16:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2016-10-12 13:24 - 2016-09-30 16:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2016-10-12 13:24 - 2016-09-30 16:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2016-10-12 13:24 - 2016-09-30 16:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2016-10-12 13:24 - 2016-09-30 16:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2016-10-12 13:24 - 2016-09-30 15:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2016-10-12 13:24 - 2016-09-30 15:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2016-10-12 13:24 - 2016-09-30 15:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2016-10-12 13:24 - 2016-09-16 02:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2016-10-12 13:24 - 2016-09-16 02:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2016-10-12 13:24 - 2016-09-13 07:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2016-10-12 13:24 - 2016-09-13 07:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2016-10-12 13:24 - 2016-09-13 07:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2016-10-12 13:24 - 2016-09-13 07:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2016-10-12 13:24 - 2016-09-13 07:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2016-10-12 13:24 - 2016-09-13 07:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2016-10-12 13:24 - 2016-09-13 07:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2016-10-12 13:24 - 2016-09-13 07:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2016-10-12 13:24 - 2016-09-13 07:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2016-10-12 13:24 - 2016-09-13 07:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2016-10-12 13:24 - 2016-09-13 07:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2016-10-12 13:24 - 2016-09-13 07:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2016-10-12 13:24 - 2016-09-13 06:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2016-10-12 13:24 - 2016-09-13 06:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2016-10-12 13:24 - 2016-09-11 02:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2016-10-12 13:24 - 2016-09-10 05:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2016-10-12 13:24 - 2016-09-10 05:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2016-10-12 13:24 - 2016-09-10 05:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2016-10-12 13:24 - 2016-09-10 04:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2016-10-12 13:24 - 2016-09-10 04:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2016-10-12 13:24 - 2016-09-10 04:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2016-10-12 13:24 - 2016-09-10 04:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2016-10-12 13:24 - 2016-09-10 04:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2016-10-12 13:24 - 2016-09-10 04:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2016-10-12 13:24 - 2016-09-10 04:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2016-10-12 13:24 - 2016-09-10 04:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2016-10-12 13:24 - 2016-09-10 04:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2016-10-12 13:24 - 2016-09-10 04:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2016-10-12 13:24 - 2016-09-10 04:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2016-10-12 13:24 - 2016-09-09 07:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
      2016-10-12 13:24 - 2016-09-09 07:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
      2016-10-12 13:24 - 2016-09-09 01:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
      2016-10-12 13:24 - 2016-09-09 01:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2016-10-12 13:24 - 2016-08-17 05:47 - 00419640 _____ C:\Windows\system32\locale.nls
      2016-10-12 13:24 - 2016-08-13 03:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2016-10-12 13:24 - 2016-08-13 03:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2016-10-12 13:24 - 2016-08-13 03:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2016-10-12 13:24 - 2016-08-13 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2016-10-12 13:24 - 2016-08-13 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2016-10-12 13:24 - 2016-08-13 03:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
      2016-10-12 13:24 - 2016-08-07 02:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
      2016-10-12 13:24 - 2016-08-07 02:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
      2016-10-12 13:24 - 2016-08-07 02:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
      2016-10-12 13:24 - 2016-08-07 02:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
      2016-10-12 13:24 - 2016-08-07 02:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
      2016-10-12 13:24 - 2016-08-07 01:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
      2016-10-12 13:24 - 2016-08-07 01:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
      2016-10-12 13:24 - 2016-08-07 01:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
      2016-10-12 13:24 - 2016-07-23 01:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
      2016-10-12 13:24 - 2016-06-15 02:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
      2016-10-12 13:24 - 2016-06-15 02:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
      2016-10-12 13:24 - 2016-06-15 02:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
      2016-10-12 13:24 - 2016-06-15 02:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
      2016-10-12 13:24 - 2016-06-15 02:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
      2016-10-12 13:24 - 2016-06-15 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
      2016-10-12 13:24 - 2016-06-15 02:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
      2016-10-12 13:24 - 2016-06-15 02:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
      2016-10-12 13:24 - 2016-06-15 01:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
      2016-10-12 13:24 - 2016-06-15 01:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
      2016-10-12 13:24 - 2016-06-15 01:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
      2016-10-11 22:56 - 2016-10-11 22:56 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Vince Staples - Prima Donna - EP (2016) [MP3~320Kbps]~[Hunter] [FRG]
      2016-10-11 19:04 - 2016-10-12 01:44 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Thick Of It Season 1, 2 & 3 + Extras (Extra episodes) DVDRip HDTV
      2016-10-11 19:04 - 2016-10-11 19:04 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Thick Of It - Series 4
      2016-10-11 01:45 - 2016-10-12 03:01 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Curb Your Enthusiasm Season 1, 2, 3, 4, 5, 6, 7 & 8 + Extras DVDRip TSV
      2016-10-10 23:31 - 2016-10-10 23:32 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Danny Brown - Atrocity Exhibition - 2016
      2016-10-09 23:09 - 2016-10-23 10:58 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Southpark s20
      2016-10-09 12:08 - 2016-10-09 12:08 - 00000000 ____D C:\Users\Cheryl’s\Downloads\MATLAB For Dummies [PDF] [StormRG]
      2016-10-09 12:07 - 2016-10-09 12:07 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Mathworks Matlab R2016a Incl Crack-=TEAM OS=-
      2016-10-09 11:18 - 2016-10-09 11:19 - 16895525 _____ (Media Freeware) C:\Users\Cheryl’s\Downloads\docviewer_setup.exe
      2016-10-08 22:41 - 2016-10-08 23:12 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Trailer.Park.Boys.The. Countdown.To.Liquor.Day.LiMiTED.DVDRip.XviD-ExTrAScEnE RG
      2016-10-07 15:13 - 2016-10-07 15:13 - 00000000 ____D C:\Users\Cheryl’s\AppData\LocalLow\Adobe
      2016-10-07 15:13 - 2016-10-07 15:13 - 00000000 ____D C:\Users\Cheryl’s\AppData\Local\CEF
      2016-10-07 15:10 - 2016-11-06 04:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2016-10-07 15:10 - 2016-10-07 15:10 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
      2016-10-07 15:09 - 2016-10-07 15:09 - 00000000 ____D C:\Program Files\Common Files\Adobe
      2016-10-07 15:09 - 2016-10-07 15:09 - 00000000 ____D C:\Program Files\Adobe
      2016-10-07 15:08 - 2016-10-07 15:14 - 00000000 ____D C:\ProgramData\Adobe
      2016-10-07 15:05 - 2016-10-07 15:13 - 00000000 ____D C:\Users\Cheryl’s\AppData\Local\Adobe

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-11-06 15:04 - 2016-09-30 18:36 - 00000000 ____D C:\Users\Cheryl’s\AppData\LocalLow\uTorrent
      2016-11-06 15:04 - 2016-07-30 23:26 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\uTorrent
      2016-11-06 14:35 - 2016-07-22 17:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2016-11-06 14:16 - 2016-07-22 16:37 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2016-11-06 14:16 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
      2016-11-06 12:05 - 2016-08-02 15:21 - 00000000 ____D C:\Users\Cheryl’s\Documents\Aidan
      2016-11-06 11:36 - 2016-09-20 15:30 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCheryl’s.job
      2016-11-06 09:43 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2016-11-06 09:43 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2016-11-06 09:35 - 2016-09-20 14:07 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\PlaysTV
      2016-11-06 09:35 - 2016-09-20 14:05 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Raptr
      2016-11-06 09:34 - 2016-07-22 17:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2016-11-06 09:33 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2016-11-06 08:47 - 2016-09-20 13:58 - 00000000 ____D C:\ProgramData\Package Cache
      2016-11-04 20:40 - 2016-07-22 16:28 - 00000000 ____D C:\Users\Cheryl’s
      2016-10-26 17:29 - 2016-07-22 18:25 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2016-10-22 20:21 - 2016-09-20 14:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
      2016-10-22 01:06 - 2016-08-03 00:34 - 00001112 _____ C:\Users\Cheryl’s\Desktop\Potplayer.lnk
      2016-10-21 22:02 - 2016-09-20 14:28 - 00000000 ____D C:\Program Files\Hewlett-Packard
      2016-10-21 16:05 - 2016-07-12 14:58 - 00000000 ____D C:\AdwCleaner
      2016-10-21 11:42 - 2016-07-22 17:54 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2016-10-21 11:42 - 2016-07-22 17:54 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2016-10-13 04:06 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\rescache
      2016-10-13 03:23 - 2009-07-14 15:33 - 00306592 _____ C:\Windows\system32\FNTCACHE.DAT
      2016-10-13 03:20 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\system32\Dism
      2016-10-11 14:12 - 2016-08-25 13:31 - 00000000 ____D C:\Users\Cheryl’s.maplesoft
      2016-10-09 14:40 - 2016-08-25 13:32 - 00000000 ____D C:\Users\Cheryl’s.gstreamer-0.10
      2016-10-07 15:13 - 2016-08-02 12:06 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Adobe
      2016-10-07 10:45 - 2016-10-06 22:39 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Amateur Real Couples Homemade 2016 *** Videos Megapack
      Some files in TEMP:
      C:\Users\Cheryl’s\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-32bit.exe
      C:\Users\Cheryl’s\AppData\Local\Temp\libeay32.dll
      C:\Users\Cheryl’s\AppData\Local\Temp\Maple2015.2WindowsX86Upgrade.exe
      C:\Users\Cheryl’s\AppData\Local\Temp\msvcr120.dll
      C:\Users\Cheryl’s\AppData\Local\Temp\playstv_patch.exe
      C:\Users\Cheryl’s\AppData\Local\Temp\raptrpatch.exe
      C:\Users\Cheryl’s\AppData\Local\Temp\raptr_stub.exe
      C:\Users\Cheryl’s\AppData\Local\Temp\sqlite3.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2016-11-04 00:44

      ==================== End of FRST.txt ============================

      Comment

      • system
        PCHF Owner
        • Jan 2015
        • 7634

        #4
        I am thinking that if you did a fresh OS install after the hack, it could be a problem with Word. Please do post the logs Malnutrition requested so we can have a look.

        Comment

        • Rustys
          PCHF Member
          • Jul 2016
          • 7862

          #5
          Merged the two threads together to avoid confusion.

          Comment

          • system
            PCHF Owner
            • Jan 2015
            • 7634

            #6
            Got it! Thanks for the merge Rustys..

            @j_c1222
            Give me a moment to review the logs.. Back soon.

            Comment

            • j_c1222
              PCHF Member
              • Nov 2016
              • 14

              #7
              Thank you! @DonnaB

              Comment

              • system
                PCHF Owner
                • Jan 2015
                • 7634

                #8
                Hi j_c1222,

                My apologies for the delay.

                I don’t see any Antivirus (AV) protection installed. Please do not go wandering around the internet unprotected. In this day and age, it is very important that you have Anti-Virus software running on your machine. It is your first line of defense. By having an AntiVirus program running, files will be scanned as you use them, download them, or open them. If a virus is found in one of the items you are about to use, the AntiVirus program will stop you from being able to run that program and infect yourself. They also protect against spyware and other potentially unwanted software. If you had no AV installed when your system was infiltrated, the possibility is ever present that this could have been prevented if you had one installed.

                Before we go any further, we need to get an AV installed. Do you have a preference in AV software? I use Avast free. If you have a preference, let me know and I can provide a safe link for you to download from, otherwise download and install Avast, update the virus definitions then run a boot scan.

                I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

                Please report back once the above is accomplished. In the meantime, I will be reviewing your logs.

                Thank you.

                Comment

                • j_c1222
                  PCHF Member
                  • Nov 2016
                  • 14

                  #9
                  I uninstalled uTorrent and am currently installing Avast.

                  Comment

                  • j_c1222
                    PCHF Member
                    • Nov 2016
                    • 14

                    #10
                    Avast installed and am running a scan.

                    Comment

                    • system
                      PCHF Owner
                      • Jan 2015
                      • 7634

                      #11
                      Excellent! Thank you for being so compliant. Let me know when the scan has finished please and I will post my next set of instructions.

                      Comment

                      • j_c1222
                        PCHF Member
                        • Nov 2016
                        • 14

                        #12
                        No worries, thanks so much for the help, it’s really appreciated. Here’s a picture of the scan results for clarification. Link is safe. [MEDIA=imgur]iGb4hGJ[/MEDIA]

                        Comment

                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #13
                          Hi j_c1222,

                          The free space on your C:\ drive is being gobbled up by downloaded files. At this time you have approximately 30% of free space left. Your system will function best with 20% or more, so you are getting close. I would suggest that you purchase an external storage drive and move those files to the drive which can be accessed from there to add free space to Drive C:.

                          FRST fix:

                          - Open notepad
                          - Please copy the entire contents of the code box below into Notepad. (To do this highlight the contents of the box from start to end, right click on it and select copy. Right-click in the open notepad and select Paste).
                          - Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

                          start
                          CreateRestorePoint:
                          CloseProcesses:
                          FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
                          FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
                          Tcpip..\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
                          CHR StartupUrls: Default → “hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AE D1828D&v=20160329&ts=AHEpCHUpBH8mAU..”
                          CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
                          S3 rpcapd; “%ProgramFiles%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles%\WinPcap\rpcapd.ini”
                          S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
                          S3 tsusbhub; system32\drivers\tsusbhub.sys
                          S3 VGPU; System32\drivers\rdvgkmd.sys
                          Hosts:
                          Emptytemp:
                          CMD: netsh advfirewall reset
                          CMD: netsh advfirewall set allprofiles state on
                          CMD: ipconfig /flushdns
                          end

                          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

                          - Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
                          - The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.

                          I see that you have Junkware removal tool and AdwCleaner installed.

                          (Malwarebytes) C:\Users\Cheryl’s\Documents\JRT.exe
                          C:\Users\Cheryl’s\Documents\adwcleaner_6.030.exe

                          Please move (drag and drop) them from the Documents folder to your desktop.

                          I see you also have Malwarebytes installed. After you run the fix I provided above, please run the following programs in the order I have listed below:

                          Next:
                          - Disable your protection software now to avoid potential conflicts. For Avast, right click on the orange icon in the notification tray and choose Avast Shields Control > Disable until computer is restarted
                          - Run the JRT tool by right clicking the icon and select “Run as Administrator”.
                          - The tool will open and start scanning your system.
                          - Please be patient as this can take a while to complete depending on your system’s specifications.
                          - On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
                          - Post the contents of JRT.txt into your next message.

                          Next:
                          - Right-click on AdwCleaner.exe and select Run As Administrator
                          - The tool will start to update the database, please wait a bit.
                          - Click on the Scan button.
                          - AdwCleaner will begin. Please be patient as the scan may take some time to complete.
                          - After the scan has finished, click on the Clean button.
                          - Press OK when asked to close all programs and follow the onscreen prompts.
                          - Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
                          - After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
                          - Copy and paste the contents of that logfile in your next reply.
                          - A copy of that logfile will also be saved in the C:\AdwCleaner folder.

                          Next:
                          Malwarebytes 2.0, please run a Threat Scan:

                          - Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
                          - After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
                          - Under Detection Options, make sure all 3 options are checked.
                          - Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
                          - Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.)
                          - If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
                          - When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
                          - In most cases, a restart will be required.
                          - Wait for the prompt to restart the computer to appear, then click on Yes.

                          Post log:
                          - After the restart once you are back at your desktop, open MBAM once more.
                          - Click on the History tab > Application Logs
                          - Double click on the scan log which shows the Date and time of the scan just performed.
                          - Click Copy to Clipboard
                          - Paste the contents of the clipboard into your reply.

                          In your next reply, please post the following logs:
                          - Fixlog.txt
                          - JRT.txt
                          - AdwCleaner[S#].txt
                          - MBAM log

                          Comment
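The two Chrome entries in the fixlist above (the startup URL and the extension with its own UpdateUrl) are the kind of lines worth picking out of an FRST log first. The following Python triage is an added example, not part of the original thread and not FRST's own logic; the function names, the rule set, the single-host Web Store allow-list and the third sample line are assumptions made here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Host that Chrome Web Store extensions update from; anything else is
# treated as worth a look (an allow-list assumed for this example).
WEBSTORE_UPDATE_HOST = 'clients2.google.com'

URL_RE = re.compile(r'h(?:tt|xx)ps?://[^\s"“”\]]+', re.IGNORECASE)
EXT_RE = re.compile(
    r'^CHR Extension: \((?P<name>.*?)\) - (?P<path>.*?) \[\d{4}-\d{2}-\d{2}\]')
UPDATE_RE = re.compile(r'\[UpdateUrl: (?P<url>[^\]]+)\]')

# Lines 1, 2 and 4 are copied from the fixlist on this page (URLs left
# defanged as posted); line 3 is a constructed benign entry for contrast.
SAMPLE_FRST_LINES = [
    r'CHR StartupUrls: Default → “hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AE D1828D&v=20160329&ts=AHEpCHUpBH8mAU..”',
    r'CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION',
    r'CHR Extension: (Example Extension) - C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2016-10-01]',
    r'S3 tsusbhub; system32\drivers\tsusbhub.sys',
]


def refang(url):
    """Turn a defanged hxxp/hxxps URL back into http/https, for parsing only."""
    return re.sub(r'^hxxp', 'http', url.strip(), flags=re.IGNORECASE)


def url_host(url):
    """Lower-cased host name of a (possibly defanged) URL, or '' if none."""
    return (urlsplit(refang(url)).hostname or '').lower()


def is_ip_literal(host):
    """True when the host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line, expected_startup_hosts=frozenset()):
    """Return the reasons a single FRST line deserves a second look."""
    findings = []
    line = line.strip()
    if '<==== ATTENTION' in line:
        findings.append('flagged by FRST')
    ext = EXT_RE.match(line)
    if ext:
        # Store-installed extensions live under ...\User Data\<profile>\Extensions\<id>.
        if '\\extensions\\' not in ext['path'].lower():
            findings.append('extension loaded from outside the Chrome profile')
        upd = UPDATE_RE.search(line)
        if upd:
            url = refang(upd['url'])
            host = url_host(url)
            if host != WEBSTORE_UPDATE_HOST:
                findings.append(f'non-Web-Store update host {host}')
            if is_ip_literal(host):
                findings.append('update host is a raw IP address')
            if urlsplit(url).scheme == 'http':
                findings.append('updates fetched over plain HTTP')
    elif line.startswith('CHR StartupUrls:'):
        for url in URL_RE.findall(line):
            host = url_host(url)
            if host not in expected_startup_hosts:
                findings.append(f'unexpected startup page {host}')
    return findings


def triage(lines, expected_startup_hosts=frozenset()):
    """Return (line number, findings) for every line with at least one finding."""
    report = []
    for number, line in enumerate(lines, start=1):
        findings = triage_line(line, expected_startup_hosts)
        if findings:
            report.append((number, findings))
    return report


if __name__ == '__main__':
    for number, findings in triage(SAMPLE_FRST_LINES):
        print(f'line {number}: ' + '; '.join(findings))
```

Only the Chrome rules are covered; the service (`S3`) and `Tcpip` lines in the fixlist still need a human decision.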

                          • j_c1222
                            PCHF Member
                            • Nov 2016
                            • 14

                            #14
                            Malwarebytes Anti-Malware
                            www.malwarebytes.org

                            Scan Date: 8/11/2016
                            Scan Time: 7:35 AM
                            Logfile:
                            Administrator: Yes

                            Version: 2.2.1.1043
                            Malware Database: v2016.11.07.09
                            Rootkit Database: v2016.10.31.01
                            License: Free
                            Malware Protection: Disabled
                            Malicious Website Protection: Disabled
                            Self-protection: Disabled

                            OS: Windows 7 Service Pack 1
                            CPU: x86
                            File System: NTFS
                            User: Cheryl’s

                            Scan Type: Threat Scan
                            Result: Completed
                            Objects Scanned: 268088
                            Time Elapsed: 22 min, 40 sec

                            Memory: Enabled
                            Startup: Enabled
                            Filesystem: Enabled
                            Archives: Enabled
                            Rootkits: Enabled
                            Heuristics: Enabled
                            PUP: Enabled
                            PUM: Enabled

                            Processes: 0
                            (No malicious items detected)

                            Modules: 0
                            (No malicious items detected)

                            Registry Keys: 0
                            (No malicious items detected)

                            Registry Values: 0
                            (No malicious items detected)

                            Registry Data: 0
                            (No malicious items detected)

                            Folders: 0
                            (No malicious items detected)

                            Files: 0
                            (No malicious items detected)

                            Physical Sectors: 0
                            (No malicious items detected)

                            (end)

                            Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
                            Ran by Cheryl’s (08-11-2016 07:05:42) Run:1
                            Running from C:\Users\Cheryl’s\Desktop
                            Loaded Profiles: Cheryl’s (Available Profiles: Cheryl’s)
                            Boot Mode: Normal

                            ==============================================

                            fixlist content:


                            start
                            CreateRestorePoint:
                            CloseProcesses:
                            FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
                            FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
                            Tcpip..\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
                            CHR StartupUrls: Default → “hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AE D1828D&v=20160329&ts=AHEpCHUpBH8mAU..”
                            CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
                            S3 rpcapd; “%ProgramFiles%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles%\WinPcap\rpcapd.ini”
                            S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
                            S3 tsusbhub; system32\drivers\tsusbhub.sys
                            S3 VGPU; System32\drivers\rdvgkmd.sys
                            Hosts:
                            Emptytemp:
                            CMD: netsh advfirewall reset
                            CMD: netsh advfirewall set allprofiles state on
                            CMD: ipconfig /flushdns
                            end


                            Restore point was successfully created.
                            Processes closed successfully.
                            “HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3” => key removed successfully.
                            C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
                            “HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9” => key removed successfully.
                            “C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll” => not found.
                            HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}\DhcpNameServer => value removed successfully.
                            Chrome StartupUrls => removed successfully.
                            C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub <==== ATTENTION => not found.
                            rpcapd => service removed successfully.
                            Synth3dVsc => service removed successfully.
                            tsusbhub => service removed successfully.
                            VGPU => service removed successfully.
                            C:\Windows\System32\Drivers\etc\hosts => moved successfully
                            Hosts restored successfully.

                            ========= netsh advfirewall reset =========

                            Ok.

                            ========= End of CMD: =========

                            ========= netsh advfirewall set allprofiles state on =========

                            Ok.

                            ========= End of CMD: =========

                            ========= ipconfig /flushdns =========

                            Windows IP Configuration

                            Successfully flushed the DNS Resolver Cache.

                            ========= End of CMD: =========

                            =========== EmptyTemp: ==========

                            BITS transfer queue => 8388608 B
                            DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12665925 B
                            Java, Flash, Steam htmlcache => 0 B
                            Windows/system/drivers => 504154616 B
                            Edge => 0 B
                            Chrome => 63278776 B
                            Firefox => 17763160 B
                            Opera => 0 B

                            Temp, IE cache, history, cookies, recent:
                            Default => 66228 B
                            Public => 0 B
                            ProgramData => 0 B
                            systemprofile => 65960 B
                            LocalService => 66228 B
                            NetworkService => 205026 B
                            Cheryl’s => 856273873 B

                            RecycleBin => 9402514983 B
                            EmptyTemp: => 10.1 GB temporary data Removed.

                            ================================

                            The system needed a reboot.

                            ==== End of Fixlog 07:10:33 ====
                            # AdwCleaner v6.030 - Logfile created 08/11/2016 at 07:23:58
                            # Updated on 19/10/2016 by Malwarebytes
                            # Database : 2016-11-07.1 [Server]
                            # Operating System : Windows 7 Ultimate Service Pack 1 (X86)
                            # Username : Cheryl’s - CHERYLS-PC
                            # Running from : C:\Users\Cheryl’s\Desktop\adwcleaner_6.030.exe
                            # Mode: Clean
                            # Support : hxxps://www.malwarebytes.com/support

                            ***** [ Services ] *****

                            ***** [ Folders ] *****

                            [#] Folder deleted on reboot: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl

                            ***** [ Files ] *****

                            [#] File deleted: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
                            [#] File deleted: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage-journal

                            ***** [ DLL ] *****

                            ***** [ WMI ] *****

                            ***** [ Shortcuts ] *****

                            ***** [ Scheduled Tasks ] *****

                            ***** [ Registry ] *****

                            ***** [ Web browsers ] *****

                            [-] [C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AE D1828D&v=20160329&ts=AHEpCHUpBH8mAU..
                            [-] [C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl


                            :: “Tracing” keys deleted
                            :: Winsock settings cleared


                            C:\AdwCleaner\AdwCleaner[C1].txt - [2944 Bytes] - [12/07/2016 15:11:37]
                            C:\AdwCleaner\AdwCleaner[C2].txt - [1386 Bytes] - [20/07/2016 13:52:25]
                            C:\AdwCleaner\AdwCleaner[C3].txt - [1727 Bytes] - [08/11/2016 07:23:58]
                            C:\AdwCleaner\AdwCleaner[S1].txt - [2963 Bytes] - [12/07/2016 14:59:12]
                            C:\AdwCleaner\AdwCleaner[S2].txt - [1212 Bytes] - [20/07/2016 12:01:08]
                            C:\AdwCleaner\AdwCleaner[S3].txt - [2166 Bytes] - [21/10/2016 16:05:09]
                            C:\AdwCleaner\AdwCleaner[S4].txt - [2237 Bytes] - [08/11/2016 07:23:25]

                            ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2092 Bytes] ##########

                            Comment

                            • j_c1222
                              PCHF Member
                              • Nov 2016
                              • 14

                              #15
                              Just before I post the logs, I just want to say thanks so much for your help. Very comprehensive and detailed, really appreciate it. Would be lost without this help.

                              Malwarebytes Anti-Malware
                              www.malwarebytes.org

                              Scan Date: 8/11/2016
                              Scan Time: 7:35 AM
                              Logfile:
                              Administrator: Yes

                              Version: 2.2.1.1043
                              Malware Database: v2016.11.07.09
                              Rootkit Database: v2016.10.31.01
                              License: Free
                              Malware Protection: Disabled
                              Malicious Website Protection: Disabled
                              Self-protection: Disabled

                              OS: Windows 7 Service Pack 1
                              CPU: x86
                              File System: NTFS
                              User: Cheryl’s

                              Scan Type: Threat Scan
                              Result: Completed
                              Objects Scanned: 268088
                              Time Elapsed: 22 min, 40 sec

                              Memory: Enabled
                              Startup: Enabled
                              Filesystem: Enabled
                              Archives: Enabled
                              Rootkits: Enabled
                              Heuristics: Enabled
                              PUP: Enabled
                              PUM: Enabled

                              Processes: 0
                              (No malicious items detected)

                              Modules: 0
                              (No malicious items detected)

                              Registry Keys: 0
                              (No malicious items detected)

                              Registry Values: 0
                              (No malicious items detected)

                              Registry Data: 0
                              (No malicious items detected)

                              Folders: 0
                              (No malicious items detected)

                              Files: 0
                              (No malicious items detected)

                              Physical Sectors: 0
                              (No malicious items detected)

                              (end)

                              Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
                              Ran by Cheryl’s (08-11-2016 07:05:42) Run:1
                              Running from C:\Users\Cheryl’s\Desktop
                              Loaded Profiles: Cheryl’s (Available Profiles: Cheryl’s)
                              Boot Mode: Normal

                              ==============================================

                              fixlist content:


                              start
                              CreateRestorePoint:
                              CloseProcesses:
                              FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
                              FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
                              Tcpip..\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
                              CHR StartupUrls: Default → “hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU..”
                              CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
                              S3 rpcapd; “%ProgramFiles%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles%\WinPcap\rpcapd.ini”
                              S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
                              S3 tsusbhub; system32\drivers\tsusbhub.sys
                              S3 VGPU; System32\drivers\rdvgkmd.sys
                              Hosts:
                              Emptytemp:
                              CMD: netsh advfirewall reset
                              CMD: netsh advfirewall set allprofiles state on
                              CMD: ipconfig /flushdns
                              end


                              Restore point was successfully created.
                              Processes closed successfully.
                              “HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3” => key removed successfully.
                              C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
                              “HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9” => key removed successfully.
                              “C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll” => not found.
                              HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}\DhcpNameServer => value removed successfully.
                              Chrome StartupUrls => removed successfully.
                              C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub <==== ATTENTION => not found.
                              rpcapd => service removed successfully.
                              Synth3dVsc => service removed successfully.
                              tsusbhub => service removed successfully.
                              VGPU => service removed successfully.
                              C:\Windows\System32\Drivers\etc\hosts => moved successfully
                              Hosts restored successfully.

                              ========= netsh advfirewall reset =========

                              Ok.

                              ========= End of CMD: =========

                              ========= netsh advfirewall set allprofiles state on =========

                              Ok.

                              ========= End of CMD: =========

                              ========= ipconfig /flushdns =========

                              Windows IP Configuration

                              Successfully flushed the DNS Resolver Cache.

                              ========= End of CMD: =========

                              =========== EmptyTemp: ==========

                              BITS transfer queue => 8388608 B
                              DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12665925 B
                              Java, Flash, Steam htmlcache => 0 B
                              Windows/system/drivers => 504154616 B
                              Edge => 0 B
                              Chrome => 63278776 B
                              Firefox => 17763160 B
                              Opera => 0 B

                              Temp, IE cache, history, cookies, recent:
                              Default => 66228 B
                              Public => 0 B
                              ProgramData => 0 B
                              systemprofile => 65960 B
                              LocalService => 66228 B
                              NetworkService => 205026 B
                              Cheryl’s => 856273873 B

                              RecycleBin => 9402514983 B
                              EmptyTemp: => 10.1 GB temporary data Removed.

                              ================================

                              The system needed a reboot.

                              ==== End of Fixlog 07:10:33 ====
                              AdwCleaner v6.030 - Logfile created 08/11/2016 at 07:23:58
                              Updated on 19/10/2016 by Malwarebytes
                              Database : 2016-11-07.1 [Server]
                              Operating System : Windows 7 Ultimate Service Pack 1 (X86)
                              Username : Cheryl’s - CHERYLS-PC
                              Running from : C:\Users\Cheryl’s\Desktop\adwcleaner_6.030.exe
                              Mode: Clean
                              Support : hxxps://www.malwarebytes.com/support

                              ***** [ Services ] *****

                              ***** [ Folders ] *****

                              [#] Folder deleted on reboot: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl

                              ***** [ Files ] *****

                              [#] File deleted: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
                              [#] File deleted: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage-journal

                              ***** [ DLL ] *****

                              ***** [ WMI ] *****

                              ***** [ Shortcuts ] *****

                              ***** [ Scheduled Tasks ] *****

                              ***** [ Registry ] *****

                              ***** [ Web browsers ] *****

                              [-] [C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU..
                              [-] [C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl


                              :: “Tracing” keys deleted
                              :: Winsock settings cleared


                              C:\AdwCleaner\AdwCleaner[C1].txt - [2944 Bytes] - [12/07/2016 15:11:37]
                              C:\AdwCleaner\AdwCleaner[C2].txt - [1386 Bytes] - [20/07/2016 13:52:25]
                              C:\AdwCleaner\AdwCleaner[C3].txt - [1727 Bytes] - [08/11/2016 07:23:58]
                              C:\AdwCleaner\AdwCleaner[S1].txt - [2963 Bytes] - [12/07/2016 14:59:12]
                              C:\AdwCleaner\AdwCleaner[S2].txt - [1212 Bytes] - [20/07/2016 12:01:08]
                              C:\AdwCleaner\AdwCleaner[S3].txt - [2166 Bytes] - [21/10/2016 16:05:09]
                              C:\AdwCleaner\AdwCleaner[S4].txt - [2237 Bytes] - [08/11/2016 07:23:25]

                              ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2092 Bytes] ##########
                              Code:
                              Junkware Removal Tool (JRT) by Malwarebytes
                              Version: 8.0.9 (09.30.2016)
                              Operating System: Windows 7 Ultimate x86 
                              Ran by Cheryl's (Administrator) on Tue 08/11/2016 at  8:11:21.74
                              File System: 9

                              Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
                              Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MFJ2R1M (Temporary Internet Files Folder)
                              Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGRBIALV (Temporary Internet Files Folder)
                              Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XICVBQU5 (Temporary Internet Files Folder)
                              Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHX4IQ32 (Temporary Internet Files Folder)
                              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MFJ2R1M (Temporary Internet Files Folder)
                              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGRBIALV (Temporary Internet Files Folder)
                              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XICVBQU5 (Temporary Internet Files Folder)
                              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHX4IQ32 (Temporary Internet Files Folder)

                              Registry: 0
                              Scan was completed on Tue 08/11/2016 at  8:14:10.80
                              End of JRT log
