Solved Windows 7 hacked


j_c1222

PCHF Member
Nov 6, 2016
I've been hacked and am having some issues with my laptop. I ran a lot of antivirus software months ago and did a fresh OS install, but am still having issues.

Someone is changing my ability to format in Word. Instead of typing in a usual line, it types each word below the previous word and then shifts it up afterwards.

When I play League of Legends, the information bar down the bottom can get blurred and covered up.

Not sure what to do; any help would be appreciated.
 
Welcome To PCHF. :)

Instructions Part 1 Diagnostic Scan With FRST:

Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

If you are unsure whether your operating system is 32- or 64-bit, please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.


  1. Accept the default whitelist options.
  2. If the Addition.txt options box is not checked, please select it.
  3. Then select "Scan".



FRST will take a few minutes to scan your computer and, when finished, will produce two log files on your desktop, FRST.txt and Addition.txt. They will open immediately on the desktop, but can be reopened later as Notepad files.



Please copy and paste the contents of these logs in your next post for review by our Security Team.
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-11-2016
Ran by Cheryl's (06-11-2016 15:24:18)
Running from C:\Users\Cheryl's\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-07-22 05:28:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-132226090-40037206-190124982-500 - Administrator - Disabled)
Cheryl's (S-1-5-21-132226090-40037206-190124982-1000 - Administrator - Enabled) => C:\Users\Cheryl's
Guest (S-1-5-21-132226090-40037206-190124982-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-132226090-40037206-190124982-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
ePub Reader for Windows version 5.3 (HKLM\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.3.2) (HKLM\...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
HP Support Solutions Framework (HKLM\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Display Audio Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maple 2015 (HKLM\...\Maple 2015) (Version: 2015 - Maplesoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-GB)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2 - Mozilla)
MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
PlaysTV (HKLM\...\PlaysTV) (Version: 1.16.3-r117977-trunk - Plays.tv, LLC)
Potplayer (HKLM\...\PotPlayer) (Version: - Kakao Corp.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
Raptr (HKLM\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-132226090-40037206-190124982-1000\...\WinDirStat) (Version: - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.1 (32-bit) (HKLM\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CD3D72-1071-485C-95C5-5F825C52F534} - System32\Tasks\{00C9150D-D9B1-4577-97FA-00F48424807A} => pcalua.exe -a C:\Users\Cheryl's\Documents\sp54841.exe -d C:\Users\Cheryl's\Documents
Task: {28A91346-8F34-423C-A491-C0B25D298C79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {635A2D1F-E105-4942-9F36-2A227E99C4B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
Task: {72B617A2-8660-476D-955C-348D996F925C} - System32\Tasks\HPCeeScheduleForCheryl's => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: {787473E9-9F45-4087-BB1B-BF9FDD6ACBF3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {C8DB2471-C01B-4653-8A87-470B1D756C6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
Task: {D85A20A8-2762-4AC9-A11D-66A81BE3E913} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCheryl's.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-05 16:24 - 2016-07-05 16:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 16:23 - 2016-07-05 16:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-05 21:50 - 2016-07-05 21:50 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2016-07-05 21:38 - 2016-07-05 21:38 - 00222720 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2016-07-05 21:32 - 2016-07-05 21:32 - 00103424 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2016-07-05 21:27 - 2016-07-05 21:27 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2016-07-05 21:38 - 2016-07-05 21:38 - 00073728 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2016-07-05 21:41 - 2016-07-05 21:41 - 00750592 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll
2016-09-14 07:07 - 2016-09-14 07:07 - 00033280 _____ () C:\Program Files\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2016-08-16 09:38 - 2016-08-16 09:38 - 00103424 _____ () C:\Program Files\Raptr Inc\PlaysTV\win32api.pyd
2016-01-12 09:11 - 2016-01-12 09:11 - 00111616 _____ () C:\Program Files\Raptr Inc\PlaysTV\pywintypes35.dll
2016-08-16 09:38 - 2016-08-16 09:38 - 00041984 _____ () C:\Program Files\Raptr Inc\PlaysTV\win32process.pyd
2016-01-12 09:12 - 2016-01-12 09:12 - 00405504 _____ () C:\Program Files\Raptr Inc\PlaysTV\pythoncom35.dll
2016-08-16 09:38 - 2016-08-16 09:38 - 00173568 _____ () C:\Program Files\Raptr Inc\PlaysTV\win32gui.pyd
2016-08-16 09:33 - 2016-08-16 09:33 - 01934336 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2016-08-16 09:33 - 2016-08-16 09:33 - 00077824 _____ () C:\Program Files\Raptr Inc\PlaysTV\sip.pyd
2016-08-16 09:33 - 2016-08-16 09:33 - 01780736 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2016-08-16 09:33 - 2016-08-16 09:33 - 00505856 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2016-08-16 09:33 - 2016-08-16 09:33 - 03812864 _____ () C:\Program Files\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00087040 _____ () C:\Program Files\Raptr Inc\Raptr\_ctypes.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00043008 _____ () C:\Program Files\Raptr Inc\Raptr\_socket.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00805376 _____ () C:\Program Files\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 10:26 - 2014-05-14 10:26 - 05812736 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 10:26 - 2014-05-14 10:26 - 00067584 _____ () C:\Program Files\Raptr Inc\Raptr\sip.pyd
2014-05-14 10:26 - 2014-05-14 10:26 - 01662464 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 10:26 - 2014-05-14 10:26 - 00494592 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 09:57 - 2010-11-23 09:57 - 00096256 _____ () C:\Program Files\Raptr Inc\Raptr\win32api.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00110592 _____ () C:\Program Files\Raptr Inc\Raptr\pywintypes26.dll
2010-11-23 09:56 - 2010-11-23 09:56 - 00010240 _____ () C:\Program Files\Raptr Inc\Raptr\select.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00356864 _____ () C:\Program Files\Raptr Inc\Raptr\_hashlib.pyd
2010-11-23 09:57 - 2010-11-23 09:57 - 00036352 _____ () C:\Program Files\Raptr Inc\Raptr\win32process.pyd
2010-11-23 09:57 - 2010-11-23 09:57 - 00111104 _____ () C:\Program Files\Raptr Inc\Raptr\win32file.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00044544 _____ () C:\Program Files\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-16 05:17 - 2011-02-16 05:17 - 00417501 _____ () C:\Program Files\Raptr Inc\Raptr\sqlite3.dll
2010-11-23 09:57 - 2010-11-23 09:57 - 00167936 _____ () C:\Program Files\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 10:26 - 2014-05-14 10:26 - 00313856 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00127488 _____ () C:\Program Files\Raptr Inc\Raptr\pyexpat.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00009216 _____ () C:\Program Files\Raptr Inc\Raptr\winsound.pyd
2015-10-22 07:29 - 2015-10-22 07:29 - 00113171 _____ () C:\Program Files\Raptr Inc\Raptr\libvlc.dll
2015-10-22 07:29 - 2015-10-22 07:29 - 02396691 _____ () C:\Program Files\Raptr Inc\Raptr\libvlccore.dll
2010-11-23 09:56 - 2010-11-23 09:56 - 00583680 _____ () C:\Program Files\Raptr Inc\Raptr\unicodedata.pyd
2010-11-23 09:56 - 2010-11-23 09:56 - 00324608 _____ () C:\Program Files\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 10:09 - 2015-06-27 10:09 - 00271872 _____ () C:\Program Files\Raptr Inc\Raptr\amd_ags.dll
2010-11-23 09:57 - 2010-11-23 09:57 - 00141312 _____ () C:\Program Files\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-20 04:08 - 2016-04-20 04:08 - 02717595 _____ () C:\Program Files\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-16 05:17 - 2011-02-16 05:17 - 01213633 _____ () C:\Program Files\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 10:06 - 2010-11-23 10:06 - 00055808 _____ () C:\Program Files\Raptr Inc\Raptr\zlib1.dll
2013-05-10 10:52 - 2013-05-10 10:52 - 00495680 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 10:52 - 2013-05-10 10:52 - 01183699 _____ () C:\Program Files\Raptr Inc\Raptr\liboscar.dll
2013-05-10 10:52 - 2013-05-10 10:52 - 00483306 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-04 05:57 - 2013-05-04 05:57 - 00655356 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-04 05:56 - 2013-05-04 05:56 - 01306387 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-04 05:56 - 2013-05-04 05:56 - 00565461 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-04 05:57 - 2013-05-04 05:57 - 01640221 _____ () C:\Program Files\Raptr Inc\Raptr\libjabber.dll
2013-05-04 05:56 - 2013-05-04 05:56 - 00506276 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-04 05:57 - 2013-05-04 05:57 - 01053730 _____ () C:\Program Files\Raptr Inc\Raptr\libymsg.dll
2013-05-04 05:57 - 2013-05-04 05:57 - 00497782 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-04 05:57 - 2013-05-04 05:57 - 00603326 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-04 05:57 - 2013-05-04 05:57 - 00474199 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\ssl.dll
2016-09-20 15:22 - 2016-09-20 15:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll
2016-09-20 15:22 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-11-02 20:25 - 2016-11-02 20:25 - 17771200 _____ () C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2009-06-11 08:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-132226090-40037206-190124982-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90B0CB85-5429-4221-AEF6-7E5321CE191B}] => (Allow) C:\Users\Cheryl's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E8AD40AF-DAD4-406C-97D9-DB88123B9726}] => (Allow) C:\Users\Cheryl's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{598C0EF4-9452-407B-BA2F-1233F73BCE47}] => (Allow) C:\Users\Cheryl's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{57E54D07-4F63-4266-B99E-250558AA7F6F}] => (Allow) C:\Users\Cheryl's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CADCB09-9DCD-4440-85A8-3BA3BCCF0CCC}] => (Allow) C:\Users\Cheryl's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B5A04E6-E25B-48ED-9F00-AD06F0789FA6}] => (Allow) C:\Users\Cheryl's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1D4AAF67-8331-450D-ADE6-990EB74B09AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{39FE57D9-8402-4B94-B776-8FF16B4BEE94}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{9003D6C2-7436-4381-B2AB-0D866C815DDB}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{63592DB6-769E-494B-877A-73546B38314F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDE132CF-90AF-4F44-804C-5C6E8FA29BA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5DD29B9C-3CAC-4175-8EF4-6C1A38B001EA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{45B3521A-855D-4E0D-8225-B47CA1B61063}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
FirewallRules: [UDP Query User{270F02CC-4E85-4CC0-BBAE-CA4C67F9297A}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe
FirewallRules: [{AFA6411C-3E37-44E1-98A2-3F780BA8AE13}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B9EDFAAA-AA5A-4F7A-8B37-DBDAA62F708D}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{43A298BF-BEA0-45B9-901C-BD9A16AA3598}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9A18AB4F-E16C-4F88-B228-EB471BB4BFD3}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7303DC4B-F97D-4423-9360-8F1838C14589}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6122A876-6D11-4E1E-8CA0-AC2672CA2EDE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{87696CD9-D48B-44A4-84D4-86E54646E2B7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3741C776-F5B4-467A-92C2-07D347A0F801}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D4984AE6-D2D0-4B61-BCE8-251C61B82FC0}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe

==================== Restore Points =========================

17-10-2016 00:06:09 Scheduled Checkpoint
21-10-2016 16:31:08 JRT Pre-Junkware Removal
21-10-2016 21:58:44 Removed HP Support Assistant.
04-11-2016 00:38:24 Scheduled Checkpoint
04-11-2016 20:38:52 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
06-11-2016 08:47:23 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
06-11-2016 09:27:59 Windows Update

==================== Faulty Device Manager Devices =============

Name: BCM20702A0
Description: BCM20702A0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AMD Radeon HD 7400M Series
Description: AMD Radeon HD 7400M Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2016 02:12:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3207771

Error: (11/06/2016 02:12:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3207771

Error: (11/06/2016 02:12:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2016 02:12:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3206679

Error: (11/06/2016 02:12:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3206679

Error: (11/06/2016 02:12:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2016 02:12:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13525

Error: (11/06/2016 02:12:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13525

Error: (11/06/2016 01:19:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/04/2016 08:37:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RIconMan.exe, version: 1.3.9.1, time stamp: 0x4e5df0a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1434
Faulting application start time: 0x01d2367f0d94c144
Faulting application path: C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
Faulting module path: unknown
Report Id: 521d3160-a272-11e6-b797-101f74b16e49


System errors:
=============
Error: (11/06/2016 09:33:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:31:11 AM on ‎6/‎11/‎2016 was unexpected.

Error: (11/06/2016 08:13:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:11:27 AM on ‎6/‎11/‎2016 was unexpected.

Error: (11/06/2016 04:21:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:43:18 PM on ‎4/‎11/‎2016 was unexpected.

Error: (11/04/2016 08:34:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:56:38 AM on ‎4/‎11/‎2016 was unexpected.

Error: (11/03/2016 11:57:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:56:06 PM on ‎3/‎11/‎2016 was unexpected.

Error: (11/03/2016 11:39:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:35:36 PM on ‎3/‎11/‎2016 was unexpected.

Error: (11/03/2016 11:14:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:06 PM on ‎3/‎11/‎2016 was unexpected.

Error: (11/03/2016 11:08:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:02:54 PM on ‎3/‎11/‎2016 was unexpected.

Error: (11/03/2016 10:54:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:19:58 PM on ‎3/‎11/‎2016 was unexpected.

Error: (11/03/2016 08:42:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:45:13 AM on ‎3/‎11/‎2016 was unexpected.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 2509.86 MB
Available physical RAM: 788.07 MB
Total Virtual: 5018.04 MB
Available Virtual: 2042.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:576.66 GB) (Free:176.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:15.34 GB) (Free:1.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7C9631CA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=576.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-11-2016
Ran by Cheryl's (administrator) on CHERYLS-PC (06-11-2016 15:23:54)
Running from C:\Users\Cheryl's\Desktop
Loaded Profiles: Cheryl's (Available Profiles: Cheryl's)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Copyright (c) 2016 Plays.tv, LLC) C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Raptr, Inc) C:\Program Files\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Raptr] => C:\Program Files\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-29] (Raptr, Inc)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2016-09-20] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-10-01] (Synaptics Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-07-31] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: vuj5uyzl.default
FF ProfilePath: C:\Users\Cheryl's\AppData\Roaming\Mozilla\Firefox\Profiles\vuj5uyzl.default [2016-11-03]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU.."
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
CHR Extension: (Google Slides) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-22]
CHR Extension: (Google Docs) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-22]
CHR Extension: (Google Drive) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-22]
CHR Extension: (YouTube) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-22]
CHR Extension: (Google Cast) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-09-30]
CHR Extension: (LoL Stream Browser) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2016-07-22]
CHR Extension: (Google Sheets) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-28]
CHR Extension: (AdBlock) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-22]
CHR Extension: (Hover Zoom) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
CHR Extension: (Sci-Hub) - C:\Users\Cheryl's\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1796200 2016-09-20] (Realsil Microelectronics Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PlaysService; C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe [54544 2016-11-04] (Copyright (c) 2016 Plays.tv, LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2016-09-20] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254568 2016-09-20] (Realtek Semiconductor Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 15:16 - 2016-11-06 15:24 - 00010819 _____ C:\Users\Cheryl's\Desktop\FRST.txt
2016-11-06 15:16 - 2016-11-06 15:23 - 00000000 ____D C:\FRST
2016-11-06 15:15 - 2016-11-06 15:15 - 01759744 _____ (Farbar) C:\Users\Cheryl's\Desktop\FRST.exe
2016-11-06 13:09 - 2016-11-06 14:36 - 00000000 ____D C:\Users\Cheryl's\Downloads\The Hotelier - Goodness (2016) [16.44 FLAC]
2016-11-06 13:09 - 2016-11-06 14:23 - 00000000 ____D C:\Users\Cheryl's\Downloads\Nothing - Tired Of Tomorrow [Deluxe Version] (2016)
2016-11-06 13:09 - 2016-11-06 13:15 - 00000000 ____D C:\Users\Cheryl's\Downloads\Aesop Rock - The Impossible Kid (2016) [MP3~320kbps]~[Hunter] [FRG]
2016-11-06 13:09 - 2016-11-06 13:13 - 00000000 ____D C:\Users\Cheryl's\Downloads\Denzel Curry - Imperial-2016-MIXFIEND
2016-11-06 13:09 - 2016-11-06 13:12 - 00000000 ____D C:\Users\Cheryl's\Downloads\Radical Face
2016-11-06 13:09 - 2016-11-06 13:09 - 00000000 ____D C:\Users\Cheryl's\Downloads\Car Seat Headrest
2016-11-06 11:44 - 2016-11-06 11:46 - 00000000 ____D C:\Users\Cheryl's\Downloads\Radiohead A Moon Shaped Pool [2016] 320
2016-11-06 11:44 - 2016-11-06 11:44 - 00000000 ____D C:\Users\Cheryl's\Downloads\N64
2016-11-06 09:02 - 2016-11-06 09:02 - 00645729 _____ (WDS Team) C:\Users\Cheryl's\Downloads\windirstat1_1_2_setup.exe
2016-11-06 09:02 - 2016-11-06 09:02 - 00000985 _____ C:\Users\Cheryl's\Desktop\WinDirStat.lnk
2016-11-06 09:02 - 2016-11-06 09:02 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2016-11-06 09:02 - 2016-11-06 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2016-11-06 09:02 - 2016-11-06 09:02 - 00000000 ____D C:\Program Files\WinDirStat
2016-11-06 08:50 - 2016-11-06 08:51 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\Wireshark
2016-11-06 08:48 - 2016-11-06 08:48 - 00001935 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-11-06 08:48 - 2016-11-06 08:48 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-11-06 08:48 - 2016-11-06 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-11-06 08:48 - 2016-11-06 08:48 - 00000000 ____D C:\Program Files\WinPcap
2016-11-06 08:46 - 2016-11-06 08:49 - 00000000 ____D C:\Program Files\Wireshark
2016-11-06 08:45 - 2016-11-06 08:46 - 44390576 _____ (Wireshark development team) C:\Users\Cheryl's\Downloads\Wireshark-win32-2.2.1.exe
2016-11-06 07:42 - 2016-11-06 07:56 - 00000000 ____D C:\Users\Cheryl's\Downloads\ta-ku - 2012 - re-twerk (320)
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Cheryl's\.QtWebEngineProcess
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Cheryl's\.Plays.tv
2016-11-04 20:37 - 2016-11-04 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2016-11-02 20:24 - 2016-11-02 21:01 - 00000000 ____D C:\Users\Cheryl's\AppData\Local\Mozilla
2016-11-02 20:24 - 2016-11-02 20:55 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\Mozilla
2016-11-02 20:23 - 2016-11-02 20:23 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-02 20:23 - 2016-11-02 20:23 - 00001101 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-02 20:23 - 2016-11-02 20:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-02 20:23 - 2016-11-02 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-02 20:20 - 2016-11-02 20:20 - 00243464 _____ C:\Users\Cheryl's\Documents\Firefox Setup Stub 49.0.2.exe
2016-10-23 12:07 - 2016-10-23 12:07 - 00000000 ____D C:\Users\Cheryl's\Downloads\Bon Iver - 22, A Million
2016-10-23 11:33 - 2016-10-23 11:35 - 00000000 ____D C:\Users\Cheryl's\Downloads\Clams.Casino-32.Levels-2016-C4
2016-10-23 11:01 - 2016-11-06 12:56 - 00000000 ____D C:\Users\Cheryl's\Downloads\Parks and Recreation - Season 2
2016-10-23 11:01 - 2016-10-23 11:34 - 00000000 ____D C:\Users\Cheryl's\Downloads\Parks and Recreation - Season 5
2016-10-23 11:01 - 2016-10-23 11:03 - 00000000 ____D C:\Users\Cheryl's\Downloads\Parks and Recreation - Season 1
2016-10-23 11:00 - 2016-10-23 11:33 - 00000000 ____D C:\Users\Cheryl's\Downloads\Parks and Recreation - Season 4
2016-10-23 11:00 - 2016-10-23 11:33 - 00000000 ____D C:\Users\Cheryl's\Downloads\Parks and Recreation - Season 3
2016-10-21 22:02 - 2016-10-21 22:02 - 00000000 ____D C:\Windows\system32\appmgmt
2016-10-21 16:48 - 2016-10-21 18:04 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-21 16:44 - 2016-10-21 18:03 - 00000000 ____D C:\Users\Cheryl's\Desktop\malware scan logfiles
2016-10-21 16:30 - 2016-10-21 16:31 - 11003784 _____ (SurfRight B.V.) C:\Users\Cheryl's\Documents\HitmanPro.exe
2016-10-21 16:01 - 2016-10-21 16:02 - 03910208 _____ C:\Users\Cheryl's\Documents\adwcleaner_6.030.exe
2016-10-21 15:23 - 2016-11-06 09:34 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-21 15:22 - 2016-10-21 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-21 15:22 - 2016-10-21 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-21 15:22 - 2016-10-21 15:22 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-21 15:22 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-21 15:22 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-21 15:22 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-20 19:58 - 2016-10-20 19:58 - 22851472 _____ (Malwarebytes ) C:\Users\Cheryl's\Documents\mbam-setup-2.2.1.1043.exe
2016-10-20 19:58 - 2016-10-20 19:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Cheryl's\Documents\rkill.com
2016-10-20 19:57 - 2016-10-20 19:58 - 01631928 _____ (Malwarebytes) C:\Users\Cheryl's\Documents\JRT.exe
2016-10-19 21:25 - 2016-10-19 21:25 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\Synaptics
2016-10-19 21:25 - 2016-10-19 21:25 - 00000000 ____D C:\ProgramData\Synaptics
2016-10-19 18:12 - 2016-10-19 18:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-10-19 18:12 - 2016-10-19 18:12 - 00000000 ____D C:\Program Files\Synaptics
2016-10-18 13:23 - 2016-10-18 13:25 - 00000000 ____D C:\Users\Cheryl's\Downloads\Sacks, Oliver
2016-10-17 15:07 - 2016-10-17 15:27 - 00000000 ____D C:\Users\Cheryl's\Downloads\Psychology ebooks collection
2016-10-16 17:48 - 2016-10-18 16:57 - 00000000 ____D C:\Users\Cheryl's\AppData\Local\ERW
2016-10-16 17:48 - 2016-10-16 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub Reader
2016-10-16 17:48 - 2016-10-16 17:48 - 00000000 ____D C:\Program Files\ePub Reader for Windows
2016-10-16 17:44 - 2016-10-17 15:21 - 00000000 ____D C:\Users\Cheryl's\Downloads\Myers' Psychology for AP (2nd Ed)
2016-10-16 17:44 - 2016-10-17 15:08 - 00000000 ____D C:\Users\Cheryl's\Downloads\Brian Tracy - Psychology of Achievement & Success
2016-10-16 17:44 - 2016-10-17 15:06 - 00000000 ____D C:\Users\Cheryl's\Downloads\50 Psychology Classics
2016-10-16 17:44 - 2016-10-16 17:58 - 00000000 ____D C:\Users\Cheryl's\Downloads\Essentials of Understanding Psychology (11th Ed)
2016-10-16 17:44 - 2016-10-16 17:50 - 04397263 _____ C:\Users\Cheryl's\Downloads\The Cambridge Handbook of Personality Psychology.pdf
2016-10-16 17:44 - 2016-10-16 17:46 - 00000000 ____D C:\Users\Cheryl's\Downloads\Psych 101 Psychology Facts, Basics, Statistics, Tests, and More! by Paul Kleinman
2016-10-14 19:29 - 2016-10-14 19:30 - 00000000 ____D C:\Users\Cheryl's\Downloads\Youre.the.Worst.S03E06.HDTV.x264-FUM[ettv]
2016-10-13 23:07 - 2016-10-13 23:15 - 00000000 ____D C:\Users\Cheryl's\Downloads\www.torrenting.com - Youre.the.Worst.S03E07.HDTV.x264-FLEET
2016-10-13 23:06 - 2016-10-13 23:10 - 00000000 ____D C:\Users\Cheryl's\Downloads\Atlanta.S01E07.PROPER.HDTV.x264-KILLERS[ettv]
2016-10-13 03:22 - 2016-11-06 09:34 - 00000021 _____ C:\Windows\S.dirmngr
2016-10-12 13:24 - 2016-10-01 06:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 13:24 - 2016-10-01 02:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-12 13:24 - 2016-10-01 02:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 13:24 - 2016-09-30 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 13:24 - 2016-09-30 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 13:24 - 2016-09-30 16:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 13:24 - 2016-09-30 16:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 13:24 - 2016-09-30 16:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 13:24 - 2016-09-30 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 13:24 - 2016-09-30 16:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 13:24 - 2016-09-30 16:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 13:24 - 2016-09-30 16:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 13:24 - 2016-09-30 16:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 13:24 - 2016-09-30 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 13:24 - 2016-09-30 16:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 13:24 - 2016-09-30 16:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 13:24 - 2016-09-30 16:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 13:24 - 2016-09-30 16:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 13:24 - 2016-09-30 16:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 13:24 - 2016-09-30 16:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 13:24 - 2016-09-30 16:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 13:24 - 2016-09-30 16:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 13:24 - 2016-09-30 16:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 13:24 - 2016-09-30 16:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 13:24 - 2016-09-30 16:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 13:24 - 2016-09-30 16:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 13:24 - 2016-09-30 16:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 13:24 - 2016-09-30 16:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 13:24 - 2016-09-30 16:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 13:24 - 2016-09-30 16:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 13:24 - 2016-09-30 16:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 13:24 - 2016-09-30 16:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 13:24 - 2016-09-30 16:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 13:24 - 2016-09-30 16:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 13:24 - 2016-09-30 15:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 13:24 - 2016-09-30 15:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 13:24 - 2016-09-30 15:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 13:24 - 2016-09-16 02:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 13:24 - 2016-09-16 02:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 13:24 - 2016-09-13 07:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 13:24 - 2016-09-13 07:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 13:24 - 2016-09-13 07:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 13:24 - 2016-09-13 07:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 13:24 - 2016-09-13 07:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 13:24 - 2016-09-13 07:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 13:24 - 2016-09-13 07:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 13:24 - 2016-09-13 07:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 13:24 - 2016-09-13 07:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 13:24 - 2016-09-13 07:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 13:24 - 2016-09-13 07:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 13:24 - 2016-09-13 07:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 13:24 - 2016-09-13 06:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 13:24 - 2016-09-13 06:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 13:24 - 2016-09-11 02:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 13:24 - 2016-09-10 05:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 13:24 - 2016-09-10 05:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 13:24 - 2016-09-10 05:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 13:24 - 2016-09-10 04:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 13:24 - 2016-09-10 04:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 13:24 - 2016-09-10 04:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 13:24 - 2016-09-10 04:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 13:24 - 2016-09-10 04:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 13:24 - 2016-09-10 04:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 13:24 - 2016-09-10 04:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 13:24 - 2016-09-10 04:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 13:24 - 2016-09-10 04:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 13:24 - 2016-09-10 04:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 13:24 - 2016-09-10 04:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 13:24 - 2016-09-09 07:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 13:24 - 2016-09-09 07:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 13:24 - 2016-09-09 01:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 13:24 - 2016-09-09 01:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 13:24 - 2016-08-17 05:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-12 13:24 - 2016-08-13 03:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 13:24 - 2016-08-13 03:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 13:24 - 2016-08-13 03:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 13:24 - 2016-08-13 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 13:24 - 2016-08-13 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 13:24 - 2016-08-13 03:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 13:24 - 2016-08-07 02:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 13:24 - 2016-08-07 02:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 13:24 - 2016-08-07 02:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 13:24 - 2016-08-07 02:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 13:24 - 2016-08-07 02:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 13:24 - 2016-08-07 01:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 13:24 - 2016-08-07 01:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 13:24 - 2016-08-07 01:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 13:24 - 2016-07-23 01:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 13:24 - 2016-06-15 02:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 13:24 - 2016-06-15 02:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 13:24 - 2016-06-15 02:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 13:24 - 2016-06-15 02:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 13:24 - 2016-06-15 02:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 13:24 - 2016-06-15 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 13:24 - 2016-06-15 02:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 13:24 - 2016-06-15 02:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 13:24 - 2016-06-15 01:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 13:24 - 2016-06-15 01:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 13:24 - 2016-06-15 01:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 22:56 - 2016-10-11 22:56 - 00000000 ____D C:\Users\Cheryl's\Downloads\Vince Staples - Prima Donna - EP (2016) [MP3~320Kbps]~[Hunter] [FRG]
2016-10-11 19:04 - 2016-10-12 01:44 - 00000000 ____D C:\Users\Cheryl's\Downloads\The Thick Of It Season 1, 2 & 3 + Extras (Extra episodes) DVDRip HDTV
2016-10-11 19:04 - 2016-10-11 19:04 - 00000000 ____D C:\Users\Cheryl's\Downloads\The Thick Of It - Series 4
2016-10-11 01:45 - 2016-10-12 03:01 - 00000000 ____D C:\Users\Cheryl's\Downloads\Curb Your Enthusiasm Season 1, 2, 3, 4, 5, 6, 7 & 8 + Extras DVDRip TSV
2016-10-10 23:31 - 2016-10-10 23:32 - 00000000 ____D C:\Users\Cheryl's\Downloads\Danny Brown - Atrocity Exhibition - 2016
2016-10-09 23:09 - 2016-10-23 10:58 - 00000000 ____D C:\Users\Cheryl's\Downloads\Southpark s20
2016-10-09 12:08 - 2016-10-09 12:08 - 00000000 ____D C:\Users\Cheryl's\Downloads\MATLAB For Dummies [PDF] [StormRG]
2016-10-09 12:07 - 2016-10-09 12:07 - 00000000 ____D C:\Users\Cheryl's\Downloads\Mathworks Matlab R2016a Incl Crack-=TEAM OS=-
2016-10-09 11:18 - 2016-10-09 11:19 - 16895525 _____ (Media Freeware) C:\Users\Cheryl's\Downloads\docviewer_setup.exe
2016-10-08 22:41 - 2016-10-08 23:12 - 00000000 ____D C:\Users\Cheryl's\Downloads\Trailer.Park.Boys.The.Countdown.To.Liquor.Day.LiMiTED.DVDRip.XviD-ExTrAScEnE RG
2016-10-07 15:13 - 2016-10-07 15:13 - 00000000 ____D C:\Users\Cheryl's\AppData\LocalLow\Adobe
2016-10-07 15:13 - 2016-10-07 15:13 - 00000000 ____D C:\Users\Cheryl's\AppData\Local\CEF
2016-10-07 15:10 - 2016-11-06 04:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-07 15:10 - 2016-10-07 15:10 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-10-07 15:09 - 2016-10-07 15:09 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-10-07 15:09 - 2016-10-07 15:09 - 00000000 ____D C:\Program Files\Adobe
2016-10-07 15:08 - 2016-10-07 15:14 - 00000000 ____D C:\ProgramData\Adobe
2016-10-07 15:05 - 2016-10-07 15:13 - 00000000 ____D C:\Users\Cheryl's\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 15:04 - 2016-09-30 18:36 - 00000000 ____D C:\Users\Cheryl's\AppData\LocalLow\uTorrent
2016-11-06 15:04 - 2016-07-30 23:26 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\uTorrent
2016-11-06 14:35 - 2016-07-22 17:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-06 14:16 - 2016-07-22 16:37 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-06 14:16 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
2016-11-06 12:05 - 2016-08-02 15:21 - 00000000 ____D C:\Users\Cheryl's\Documents\Aidan
2016-11-06 11:36 - 2016-09-20 15:30 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCheryl's.job
2016-11-06 09:43 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-06 09:43 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-06 09:35 - 2016-09-20 14:07 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\PlaysTV
2016-11-06 09:35 - 2016-09-20 14:05 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\Raptr
2016-11-06 09:34 - 2016-07-22 17:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-06 09:33 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-06 08:47 - 2016-09-20 13:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-04 20:40 - 2016-07-22 16:28 - 00000000 ____D C:\Users\Cheryl's
2016-10-26 17:29 - 2016-07-22 18:25 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-22 20:21 - 2016-09-20 14:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-10-22 01:06 - 2016-08-03 00:34 - 00001112 _____ C:\Users\Cheryl's\Desktop\Potplayer.lnk
2016-10-21 22:02 - 2016-09-20 14:28 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-10-21 16:05 - 2016-07-12 14:58 - 00000000 ____D C:\AdwCleaner
2016-10-21 11:42 - 2016-07-22 17:54 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-21 11:42 - 2016-07-22 17:54 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-13 04:06 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\rescache
2016-10-13 03:23 - 2009-07-14 15:33 - 00306592 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 03:20 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-11 14:12 - 2016-08-25 13:31 - 00000000 ____D C:\Users\Cheryl's\.maplesoft
2016-10-09 14:40 - 2016-08-25 13:32 - 00000000 ____D C:\Users\Cheryl's\.gstreamer-0.10
2016-10-07 15:13 - 2016-08-02 12:06 - 00000000 ____D C:\Users\Cheryl's\AppData\Roaming\Adobe
2016-10-07 10:45 - 2016-10-06 22:39 - 00000000 ____D C:\Users\Cheryl's\Downloads\Amateur Real Couples Homemade 2016 XXX Videos Megapack

Some files in TEMP:
====================
C:\Users\Cheryl's\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-32bit.exe
C:\Users\Cheryl's\AppData\Local\Temp\libeay32.dll
C:\Users\Cheryl's\AppData\Local\Temp\Maple2015.2WindowsX86Upgrade.exe
C:\Users\Cheryl's\AppData\Local\Temp\msvcr120.dll
C:\Users\Cheryl's\AppData\Local\Temp\playstv_patch.exe
C:\Users\Cheryl's\AppData\Local\Temp\raptrpatch.exe
C:\Users\Cheryl's\AppData\Local\Temp\raptr_stub.exe
C:\Users\Cheryl's\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-04 00:44

==================== End of FRST.txt ============================
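The listings above are what a helper reads by hand. As an added editorial example (not part of any post in this thread and not a feature of FRST), the Python below parses FRST's dated entry format and the bare paths of the "Some files in TEMP:" section, then applies a few defender-side triage heuristics: executables with no publisher name, executables staged in Temp or Downloads, and names that suggest cracked software. The sample lines are copied from the log above; the heuristics themselves are the editor's assumptions, not FRST rules.

```python
"""Triage FRST file listings the way a malware-removal helper reads them.

Added editorial example for this thread; it is not part of FRST or of any post
here, and the flagging heuristics are the editor's assumptions, not FRST rules.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Dated entry, as printed in the "One Month Created/Modified files" sections:
#   <date A> - <date B> - <8-digit size> <5-char attrs> [(Publisher)] <path>
# In the attrs field D marks a directory and H a hidden item.
ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Bare path, as printed in the "Some files in TEMP:" section.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl"}
PIRACY_WORDS = ("crack", "keygen")  # assumption: words a helper watches for


@dataclass
class Entry:
    path: str
    attrs: str = "_____"
    size: int = 0
    # None: FRST printed no publisher field at all (TEMP section).
    # "":   the field was absent on a dated line, i.e. no company name shown.
    publisher: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a dated or bare-path line, None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(m["path"], m["attrs"], int(m["size"]), m["publisher"] or "")
    if PATH_RE.match(line):
        return Entry(line)
    return None


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons a helper would look twice at this entry (assumptions)."""
    reasons: List[str] = []
    p = PureWindowsPath(entry.path)
    parts = [s.lower() for s in p.parts]
    is_dir = "D" in entry.attrs
    if not is_dir and p.suffix.lower() in EXEC_EXT:
        if entry.publisher == "":
            reasons.append("executable with no publisher name")
        if "temp" in parts:
            reasons.append("executable staged in a Temp folder")
        elif "downloads" in parts:
            reasons.append("executable in Downloads; verify its source")
    if any(w in p.name.lower() for w in PIRACY_WORDS):
        reasons.append("name suggests cracked software, a common malware carrier")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an FRST listing to its reasons."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Sample lines copied from the FRST log in this thread (section headers are
# included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
2016-10-12 13:24 - 2016-06-15 01:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-09 12:07 - 2016-10-09 12:07 - 00000000 ____D C:\Users\Cheryl's\Downloads\Mathworks Matlab R2016a Incl Crack-=TEAM OS=-
2016-10-09 11:18 - 2016-10-09 11:19 - 16895525 _____ (Media Freeware) C:\Users\Cheryl's\Downloads\docviewer_setup.exe
2016-11-06 09:43 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
Some files in TEMP:
C:\Users\Cheryl's\AppData\Local\Temp\libeay32.dll
C:\Users\Cheryl's\AppData\Local\Temp\playstv_patch.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```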
 
I am thinking that if you did a fresh OS install after the hack, it could be a problem with Word. Please do post the logs Malnutrition requested so we can have a look.
 
Hi j_c1222,

My apologies for the delay.

I don't see any Antivirus (AV) protection installed. Please do not go wandering around the internet unprotected. In this day and age, it is very important that you have Anti-Virus software running on your machine. It is your first line of defense. By having an AntiVirus program running, files will be scanned as you use them, download them, or open them. If a virus is found in one of the items you are about to use, the AntiVirus program will stop you from being able to run that program and infect yourself. They also protect against spyware and other potentially unwanted software. If you had no AV installed when your system was infiltrated, the possibility is ever present that this could have been prevented if you had one installed.

Before we go any further, we need to get an AV installed. Do you have a preference in AV software? I use Avast free. If you have a preference, let me know and I can provide a safe link for you to download from, otherwise download and install Avast, update the virus definitions then run a boot scan.

I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate it if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

Please report back once the above is accomplished. In the meantime, I will be reviewing your logs.

Thank you. :)
 
Excellent! Thank you for being so compliant. Let me know when the scan has finished please and I will post my next set of instructions.
 
Hi j_c1222,

The free space on your C:\ drive is being gobbled up by downloaded files. At this time you have approximately 30% of free space left. Your system will function best with 20% or more, so you are getting close. I would suggest that you purchase an external storage drive and move those files to the drive which can be accessed from there to add free space to Drive C:\.

FRST fix:

  • Open notepad
  • Please copy the entire contents of the code box below into Notepad.
    (To do this highlight the contents of the box from start to end, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.


    start
    CreateRestorePoint:
    CloseProcesses:
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    Tcpip\..\Interfaces\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU.."
    CHR Extension: (Sci-Hub) - C:\Users\Cheryl's\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    Hosts:
    Emptytemp:
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state on
    CMD: ipconfig /flushdns
    end
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.
I see that you have Junkware removal tool and AdwCleaner installed.

(Malwarebytes) C:\Users\Cheryl's\Documents\JRT.exe
C:\Users\Cheryl's\Documents\adwcleaner_6.030.exe


Please move (drag and drop) them from the Documents folder to your desktop.

I see you also have Malwarebytes installed. After you run the fix I provided above, please run the following programs in the order I have listed below:

Next:
  • Disable your protection software now to avoid potential conflicts. For Avast, right click on the orange icon in the notification tray and choose Avast Shields Control > Disable until computer is restarted
  • Run the JRT tool by right clicking the icon and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next:
  • Right-click on AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next:
Malwarebytes 2.0, please run a Threat Scan:
  • Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
  • After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
  • Under Detection Options, make sure all 3 options are checked.
  • Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
  • Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.)
  • If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
  • When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
Post log:
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Copy to Clipboard
  • Paste the contents of the clipboard into your reply.
In your next reply, please post the following logs:
  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[S#].txt
  • MBAM log
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/11/2016
Scan Time: 7:35 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.07.09
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Cheryl's

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268088
Time Elapsed: 22 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Cheryl's (08-11-2016 07:05:42) Run:1
Running from C:\Users\Cheryl's\Desktop
Loaded Profiles: Cheryl's (Available Profiles: Cheryl's)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
Tcpip\..\Interfaces\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU.."
CHR Extension: (Sci-Hub) - C:\Users\Cheryl's\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
"C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll" => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}\\DhcpNameServer => value removed successfully.
Chrome StartupUrls => removed successfully.
C:\Users\Cheryl's\Documents\Aidan\Sci-Hub <==== ATTENTION => not found.
rpcapd => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12665925 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 504154616 B
Edge => 0 B
Chrome => 63278776 B
Firefox => 17763160 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 65960 B
LocalService => 66228 B
NetworkService => 205026 B
Cheryl's => 856273873 B

RecycleBin => 9402514983 B
EmptyTemp: => 10.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:10:33 ====
# AdwCleaner v6.030 - Logfile created 08/11/2016 at 07:23:58
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-07.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Cheryl's - CHERYLS-PC
# Running from : C:\Users\Cheryl's\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[#] Folder deleted on reboot: C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl


***** [ Files ] *****

[#] File deleted: C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
[#] File deleted: C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=306F6F379543335AADA27BA2AED1828D&v=20160329&ts=AHEpCHUpBH8mAU..
[-] [C:\Users\Cheryl's\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2944 Bytes] - [12/07/2016 15:11:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1386 Bytes] - [20/07/2016 13:52:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [1727 Bytes] - [08/11/2016 07:23:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [2963 Bytes] - [12/07/2016 14:59:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [1212 Bytes] - [20/07/2016 12:01:08]
C:\AdwCleaner\AdwCleaner[S3].txt - [2166 Bytes] - [21/10/2016 16:05:09]
C:\AdwCleaner\AdwCleaner[S4].txt - [2237 Bytes] - [08/11/2016 07:23:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2092 Bytes] ##########
 
Just before I post the logs, I just want to say thanks so much for your help. Very comprehensive and detailed, really appreciate it. Would be lost without this help.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x86
Ran by Cheryl's (Administrator) on Tue 08/11/2016 at 8:11:21.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Cheryl's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MFJ2R1M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Cheryl's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGRBIALV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Cheryl's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XICVBQU5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Cheryl's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHX4IQ32 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MFJ2R1M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGRBIALV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XICVBQU5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHX4IQ32 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/11/2016 at 8:14:10.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
My pleasure to help. And thank you for the compliment. :)

Before I remove my tools, how is your computer behaving? I didn't see anything in the logs to be concerned about. Do you have any questions or concerns of your own that you would like to address?
 
My laptop is working fine. I have no other questions or concerns to raise.
You're doing heaps of work for me so I think you definitely deserve the compliment.
 
I am so glad your laptop is behaving as it should be. And thank you again for the nice words of appreciation. :)

Let's remove those tools and I'll give you a couple of tips to stay safe and clean:

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


Now for some tips on safe computing... :)

It is not my place to tell you not to use P2P software but I feel it is my duty to educate you on the dangers of it. P2P programs, if used for file sharing at sites that are of a suspicious nature, can invite spyware, viruses, Trojan horses, or worms into your computer. When the files are downloaded, your computer becomes infected. If you share these files with others, their computers become infected as well. You also invite the possibility of others hacking your system, stealing your personal information such as passwords, online banking accounts, personal files, etc., but most important, it is illegal, especially if the files are copyrighted.

Please read the following link for more information:

P2P File-Sharing: Evaluate the Risks

File encrypting ransomware is running rampant in the wild. Please read Protect Yourself Against Ransomware by jmarket. The best practice is learning how to prevent it. I use and recommend the installation of Cryptoprevent.

  1. Download CryptoPrevent free for home use here following the instructions below.
  2. Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  3. Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  4. You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  5. You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  6. You will then be prompted to apply all default protections. Answer Yes.
  7. You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  8. That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu... and select Check for Updates to see if there are any, as this infection has serious consequences.

You already have Malwarebytes Antimalware installed. Keep it updated and run a scan weekly.

I also use and recommend Unchecky. This program is great at preventing the installation of pre-checked software that comes bundled along side other software that you download.

  • Click on the link above to be taken to Unchecky.com
  • click the very large Download button.
  • click Save
  • Click Open folder
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish
Unchecky is now installed and will help you keep any unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

If you have any questions or concerns, don't hesitate to ask. :)

Donna :)
 