Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pointer jumps around on screen, and touch screen stopped working. [Clo

Started by Call Any Vegetable , Dec 16 2018 12:53 AM

  • This topic is locked This topic is locked

#1
Call Any Vegetable
Posted 16 December 2018 - 12:53 AM

Call Any Vegetable

    Member

  • Member
  • PipPip
  • 51 posts

At random, my pointer will relocate to a different spot on my screen. Sometimes it right clicks, sometimes it left clicks. It'll occasionally minimize or close out windows I have open. There doesn't seem to be much of a pattern as to when it happens, either. Also, on a separate note, my touch screen has stopped working. The pen still works. (I have an HP tablet notebook). I don't know if these are connected, or completely different beasts.


Edited by Call Any Vegetable, 16 December 2018 - 12:57 AM.

  • 0

Advertisements

#2
Call Any Vegetable
Posted 16 December 2018 - 12:53 AM

Call Any Vegetable

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Owner (administrator) on OWNER-PC (16-12-2018 00:49:53)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\WTouch\WTouchUser.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
() C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
() C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Owner\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-14] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2824792 2017-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-02-28] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-09]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2016-04-27]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZipItFree.lnk [2016-04-27]
ShortcutTarget: ZipItFree.lnk -> C:\Program Files (x86)\ZipItFree\ZipItFree.exe (MicroSmarts LLC.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{175E1A54-DEEE-429B-A1B2-052DCE5C45DD}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9D261B51-A6EE-486D-BE24-3B1EA0C56F67}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{CF035250-17DE-41F0-BF62-60218D4739BA}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m5pksqjx.default-1447621952731 [2018-04-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Honey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-11-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Wikibuy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-12-18] (Camshare Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [114544 2011-01-07] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-16] (Malwarebytes)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2011-01-07] (Wacom Technology)
R3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [44656 2011-01-07] (Wacom Technology)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-16 00:49 - 2018-12-16 00:50 - 000014246 _____ C:\Users\Owner\Desktop\FRST.txt
2018-12-16 00:49 - 2018-12-16 00:49 - 002417152 _____ (Farbar) C:\Users\Owner\Desktop\FRST64 (1).exe
2018-12-16 00:47 - 2018-12-16 00:47 - 002417152 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2018-12-16 00:44 - 2018-12-16 00:44 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-13 00:54 - 2018-12-13 00:54 - 000072991 _____ C:\Users\Owner\Downloads\Lesson10.pdf
2018-12-13 00:45 - 2018-12-13 00:45 - 000122607 _____ C:\Users\Owner\Downloads\Lesson9.pdf
2018-12-12 23:51 - 2018-12-12 23:51 - 000077164 _____ C:\Users\Owner\Downloads\Lesson8.pdf
2018-12-06 17:18 - 2018-12-06 17:18 - 000083057 _____ C:\Users\Owner\Downloads\Lesson6.pdf
2018-12-06 16:58 - 2018-12-06 16:58 - 001303856 _____ C:\Users\Owner\Downloads\Section1-Complete.pdf
2018-12-06 16:44 - 2018-12-06 16:44 - 000251624 _____ C:\Users\Owner\Downloads\Lesson1.pdf
2018-11-23 21:56 - 2018-11-23 21:56 - 005641024 _____ C:\Users\Owner\Downloads\AFTER-You-Get-Your-Puppy.pdf
2018-11-23 21:54 - 2018-11-23 21:54 - 003535933 _____ C:\Users\Owner\Downloads\BEFORE-You-Get-Your-Puppy.pdf
2018-11-23 21:49 - 2018-11-23 21:49 - 001845162 _____ C:\Users\Owner\Downloads\SIRIUS-Academy-Slides.pdf
2018-11-23 21:47 - 2018-11-23 21:47 - 000227764 _____ C:\Users\Owner\Downloads\ID-Academy-NOTES.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-16 00:50 - 2009-07-13 23:13 - 000782010 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-16 00:49 - 2015-10-09 11:18 - 000000000 ____D C:\FRST
2018-12-16 00:45 - 2015-10-08 22:21 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Camfrog
2018-12-16 00:44 - 2017-11-25 12:19 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-16 00:44 - 2015-09-26 12:29 - 000000000 ____D C:\Users\Owner\AppData\Local\Adobe
2018-12-16 00:44 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-14 00:15 - 2015-09-26 12:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-14 00:09 - 2009-07-13 22:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-14 00:09 - 2009-07-13 22:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-14 00:07 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-12-07 00:27 - 2015-10-08 22:21 - 000000000 ____D C:\ProgramData\Camfrog Update
2018-12-06 16:50 - 2018-03-14 21:36 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-06 16:50 - 2015-09-26 12:31 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-06 16:50 - 2015-09-26 12:31 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-06 16:50 - 2015-09-26 12:31 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-12-06 16:50 - 2015-09-26 12:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-06 16:50 - 2015-09-26 12:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-28 23:13 - 2015-10-06 12:35 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2018-11-19 12:54 - 2017-12-30 15:53 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Kodi
 
==================== Files in the root of some directories =======
 
2018-11-28 23:13 - 2018-11-28 23:13 - 000000000 _____ () C:\Users\Owner\AppData\Local\oobelibMkey.log
2017-10-16 16:41 - 2017-10-16 16:41 - 000004626 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
2016-06-14 12:35 - 2016-06-14 12:35 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/)C:\Users\Owner\AppData\Local\Temp\libeay32.dll
2016-06-14 12:35 - 2016-06-14 12:35 - 000970912 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
2004-12-29 22:23 - 2004-12-29 22:23 - 000032768 _____ () C:\Users\Owner\AppData\Local\Temp\rcinst.exe
2016-06-14 12:35 - 2016-06-14 12:35 - 000772672 _____ () C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-11-14 19:48
 
==================== End of FRST.txt ============================

  • 0

#3
Call Any Vegetable
Posted 16 December 2018 - 12:54 AM

Call Any Vegetable

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Owner (16-12-2018 00:50:21)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-09-25 04:01:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2395192064-3203352763-3429850395-500 - Administrator - Disabled)
Guest (S-1-5-21-2395192064-3203352763-3429850395-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2395192064-3203352763-3429850395-1002 - Limited - Enabled)
Owner (S-1-5-21-2395192064-3203352763-3429850395-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
7-Zip 15.11 beta (HKLM-x32\...\7-Zip) (Version: 15.11 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camfrog Video Chat 6.23 (HKLM-x32\...\Camfrog) (Version: 6.23.688 - Camshare, Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iCopyBot for Windows 8.0.0 (HKLM-x32\...\iCopyBot for Windows) (Version: 8.0.0 - VOW Software)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Kodi (HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\...\Kodi) (Version:  - XBMC-Foundation)
Krita (x64) 3.0 (HKLM\...\Krita_x64) (Version: 3.0.0.0 - Krita Foundation)
LibreOffice 5.3.2.2 (HKLM-x32\...\{8DA98699-6AD4-49CF-A9A0-B5E7B7981BE6}) (Version: 5.3.2.2 - The Document Foundation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Spotify (HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\...\Spotify) (Version: 1.0.90.268.ga8a0ceb4 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Touch Driver (HKLM-x32\...\Touch Driver) (Version: 3.0.7.24 - )
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Intel (NETwLv64) net  (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (08/03/2011 14.2.0.10) (HKLM\...\E2EE673C57E78D934638ED288907F5794CF48BC3) (Version: 08/03/2011 14.2.0.10 - Intel)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Yousician Launcher version 1.0 (HKLM-x32\...\{EF45EAE9-523E-47C3-8634-A81923B11DD5}_is1) (Version: 1.0 - Yousician)
ZipItFree 2.30 (HKLM-x32\...\zipitfree) (Version: 2.30 - MicroSmarts LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-14] (Igor Pavlov)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers1-x32-x32: [ZipItFreeContextMenu] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => C:\Program Files (x86)\ZipItFree\ZFreeEx.dll [2007-12-03] (MicroSmarts LLC.)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-14] (Igor Pavlov)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers4-x32-x32: [ZipItFree] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => C:\Program Files (x86)\ZipItFree\ZFreeEx.dll [2007-12-03] (MicroSmarts LLC.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-01-16] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-14] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers6-x32-x32: [ZipItFree] -> {9FCB3717-B87B-421E-BB30-61769539EA23} => C:\Program Files (x86)\ZipItFree\ZFreeEx.dll [2007-12-03] (MicroSmarts LLC.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {221D96EC-A17B-44FC-A256-DBE56A3C9EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-09] (Google Inc.)
Task: {56E67175-EFE2-4081-A64E-E99727152EE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-09] (Google Inc.)
Task: {61E04DDD-C614-4AC8-956E-4A02EFD48700} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {774F23CD-1746-46C6-A2EB-7B978D2ADB9B} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {80B00DEE-5BAD-48C1-B536-23849CBFBFEF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {990993D2-C1D5-4DF7-98B8-E7C12B656733} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {CD1A60E4-B67F-4B45-959E-B4E6DF3F75DD} - System32\Tasks\AdobeGCInvoker-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {EAB6E049-BCB5-4059-BC5B-B0F6E90F328B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\5afc9d3edf802162e90c94e2445861f9"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-06 10:27 - 2011-01-07 10:11 - 001108336 _____ () C:\Program Files\WTouch\WTouchUser.exe
2018-05-15 17:58 - 2018-05-15 17:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-16 16:27 - 2013-01-16 16:27 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-05-22 21:08 - 2018-05-22 21:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-22 21:09 - 2018-05-22 21:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-10-12 18:59 - 2018-11-09 19:24 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-03 18:09 - 2018-10-30 12:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-09-03 18:09 - 2018-09-22 18:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-09-03 18:09 - 2018-09-22 18:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-09-03 18:09 - 2018-09-22 18:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-11-28 05:04 - 2018-11-28 05:04 - 000772104 _____ () C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
2018-11-23 16:10 - 2018-11-15 23:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-23 16:10 - 2018-11-15 23:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-12-06 16:50 - 2018-12-06 16:50 - 031311872 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.101\pepflashplayer.dll
2017-11-25 12:20 - 2018-10-30 12:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-11-25 12:20 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-11-25 12:20 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-11-25 12:20 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-11-25 12:20 - 2018-11-26 14:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-19 02:28 - 2017-12-19 19:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-19 02:28 - 2017-12-19 19:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-19 02:28 - 2017-12-19 19:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-19 02:28 - 2017-12-19 19:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-19 02:28 - 2017-12-19 19:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-11-25 12:20 - 2018-11-26 14:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-11-25 12:20 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-05-13 01:59 - 2016-05-13 01:59 - 048936448 _____ () C:\Program Files (x86)\Camfrog\Camfrog Video Chat\libcef.dll
2017-10-20 06:50 - 2017-10-20 06:50 - 000345600 _____ () C:\Program Files (x86)\Camfrog\Camfrog Video Chat\opus.dll
2016-05-13 01:59 - 2016-05-13 01:59 - 001665024 _____ () C:\Program Files (x86)\Camfrog\Camfrog Video Chat\libglesv2.dll
2016-05-13 01:59 - 2016-05-13 01:59 - 000075264 _____ () C:\Program Files (x86)\Camfrog\Camfrog Video Chat\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2018-12-16 00:44 - 000002103 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2395192064-3203352763-3429850395-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{D7AE70A5-1B86-4616-B4A5-5DC518B91DD7}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{27876E5F-8174-4B18-A882-935F0DBBC050}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [TCP Query User{0EC954AB-288C-470D-913D-479D39A1B943}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{1196AFA3-43A3-44B4-A807-6773187965E1}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{F92D97E0-F532-4ECB-87EF-61368412C84D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{0EC244D7-2F55-4043-B056-25BD3F7FF128}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [TCP Query User{AC0E6D74-F18D-4EB1-9CFB-08AD7C58771D}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9C81E4FA-9D6F-4C76-95F6-33ABA15537DC}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{16C0BAA2-E8DC-4BEE-934D-D3CE200539E5}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6C170D90-94EC-44A6-AC92-98E4B9AA5CDA}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3C8FD31A-9548-4CBF-A901-14A7A8F77C3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1B28ACF-7956-4486-A1C6-2B85A079BE42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4BDDB0F-4AE5-4158-BEA8-8043254719CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9983FB74-93D7-47AA-AE5D-3CDB17962DC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D6238BC-56E4-4980-B887-54A207D679BB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3621606F-1E67-41B2-9AB4-E630B20D1561}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FD34FDE7-3F71-497E-B639-EC0A812EADB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C781E545-4941-4479-A857-595689494D6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{9BA633A3-C2C2-4A1E-95A2-011CD88E1ABB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{019CAEBD-3389-4F51-8669-153F902C7055}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{DBD9A5B7-B1C2-4965-B9B4-4F1A6E813CCF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{F4C37522-8A9D-403B-B77E-7B0DCFD59036}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{95B491C5-F0BF-4576-A5C0-8AC81D6F64D4}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{22D62741-DBE8-4CFD-9D89-33201D4283AC}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{D8BFB489-3EB2-4278-B886-E6637175DA50}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{DDF7BFF7-B72D-4BBC-88FE-B2913DE9FA77}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BE2D1597-61A5-4A33-AB92-7A4B8657F05E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{7345D236-0D50-4070-8296-590BB8091447}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{3DAA21DA-FA48-499B-BFDA-8A9E9EF9DE34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe
FirewallRules: [{3A0EBA58-8C43-4C5F-AB91-9423B44EF5CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe
FirewallRules: [{50F0880B-D4EE-4FC0-86F1-97C05A18E4AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-09-2018 20:52:07 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
15-09-2018 20:40:49 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
15-09-2018 20:40:56 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
15-09-2018 20:41:03 Installed DirectX
06-10-2018 20:13:13 Scheduled Checkpoint
14-11-2018 19:55:54 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/16/2018 12:46:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/14/2018 12:02:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/12/2018 11:48:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/12/2018 02:17:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/11/2018 10:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/06/2018 11:56:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/06/2018 04:42:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/30/2018 07:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/30/2018 07:53:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/30/2018 07:53:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (11/28/2018 11:09:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/28/2018 11:09:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/24/2018 12:33:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (11/15/2018 12:17:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/15/2018 12:17:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (11/14/2018 08:19:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2016-04-27 12:11:00.953
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SoftwareBundler:Win32/Techsnab
ID:222310
Severity:High
Category:Software Bundler
Path Found:process:pid:5568
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 35%
Total physical RAM: 8102.36 MB
Available physical RAM: 5256.88 MB
Total Virtual: 16202.9 MB
Available Virtual: 13220.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:23.29 GB) NTFS
 
\\?\Volume{22be32af-6339-11e5-a504-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 6014C311)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
Call Any Vegetable
Posted 02 January 2019 - 04:11 PM

Call Any Vegetable

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hello?


  • 0

#5
iMacg3
Posted 25 February 2019 - 09:45 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Sorry for the delay. Do you still need help?


  • 0

#6
iMacg3
Posted 01 March 2019 - 04:17 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP