Posted

Hello to my friends at FreePCHelp...!

I do have a bit of a problem that seems to be cropping up more and more frequently of late, and there appears to be no pattern in what causes this to happen.. It is my hope that the "symptoms" I describe below are something you guys have seen before, know what it is, and ultimately fix it..

What happens is, out of the blue, my screen begins jumping up and down rapidly whenever the cursor is over a part of the page that I could click on.. This occurs on AOL, Internet Explorer and Google Chrome.. Simply ANYTHING I have up on the screen is affected.. The only way I have "fixed" this in the past is to reboot my computer, and even this sometimes doesn't work.. The main thing that I've noticed is that the cursor has to be over the screen somewhere, and if it's off to the side a bit there is no rapid jumping up and down and the page appears normal....

So, hopefully this will sound familiar and you will know what this is.. Historically though, my computer problems are rarely solved this easily.. Hopefully this will be an exception!

Thanks in advance for any help you can provide....

  • ExTS Admin
Posted

Hi Skyclad,

 

It's good to see you again.

Just a couple of questions before we start...

Is this a laptop or a desktop computer?

 

This occurs on AOL, Internet Explorer and Google Chrome.. Simply ANYTHING I have up on the screen is affected..

Does this happen when just using browsers or does this happen when you're working offline?

 

This may well not be caused through malware etc, but we'll take a look anyway.

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system bit type is..... click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
     
     
  • When the tool opens click Yes to disclaimer.
     
     
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

 

 

In your next reply, please submit:

Both reports from Frst

and answer the couple of questions at the beginning.

 

 

Thanks.

Member of:

UNITE

Posted

Hi Starbuck...

Good to see you as well!

To answer your questions first, I'm referring to a desktop computer, and I mainly notice this happening when I'm online using various browsers.. Since it doesn't happen all the time or even that frequently, I cannot recall if it does this also when offline.. Very possibly does, but just not sure at this point...

Please find the results of the two scans below.. Awaiting further instructions..

Thanks again!!

PS In regard to Ken's suggestion, I do not have an extra Mouse to test that possibility....:/

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017

Ran by Mike (administrator) on HOME (23-01-2017 15:03:20)

Running from C:\Users\Mike\Downloads

Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe

(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe

(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\shellmon.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\aolbrowser.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)

HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)

HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)

HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-17] (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{30240170-2754-43C0-8F1E-C67D1234ECC7}: [DhcpNameServer] 10.0.0.1

 

Internet Explorer:

==================

HKU\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hbcams.com/

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File

BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-4197961188-714576266-808560349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

 

FireFox:

========

FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\olk2c82k.default [2016-09-06]

FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08]

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

 

Chrome:

=======

CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default [2017-01-23]

CHR Extension: (Google Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]

CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]

CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]

CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]

CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]

CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-20]

CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]

CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]

CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

StartMenuInternet: Google Chrome.AULL7JPKOAZNRFMN4VMN37U7VU - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]

R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-17] (Puran Software) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1036512 2016-12-08] (AO Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-08] (AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)

R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)

R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [134880 2016-12-08] (AO Kaspersky Lab)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-23] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-01-23 15:03 - 2017-01-23 15:03 - 00014018 _____ C:\Users\Mike\Downloads\FRST.txt

2017-01-23 15:01 - 2017-01-23 15:03 - 00000000 ____D C:\FRST

2017-01-23 15:00 - 2017-01-23 15:01 - 02420736 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe

2017-01-23 15:00 - 2017-01-23 15:01 - 02420736 _____ (Farbar) C:\Users\Mike\Downloads\FRST64 (1).exe

2017-01-21 11:29 - 2017-01-21 11:29 - 00001380 _____ C:\Users\Mike\Desktop\DSC08134 - Shortcut.lnk

2017-01-19 18:07 - 2017-01-20 14:30 - 00000000 ____D C:\Users\Mike\Desktop\PicFaves

2017-01-11 07:44 - 2017-01-05 12:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-01-11 07:44 - 2017-01-05 12:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-01-11 07:44 - 2017-01-05 12:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-01-11 07:44 - 2017-01-05 12:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2017-01-11 07:44 - 2017-01-05 11:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2017-01-11 07:44 - 2017-01-05 11:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2017-01-11 07:44 - 2017-01-05 11:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-01-11 07:44 - 2017-01-05 11:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-01-11 07:44 - 2017-01-05 11:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-01-11 07:44 - 2017-01-05 11:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-01-11 07:44 - 2017-01-05 11:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-01-11 07:44 - 2017-01-05 11:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2017-01-11 07:44 - 2017-01-05 11:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2017-01-05 19:53 - 2017-01-05 19:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\32AF5AA6.sys

2017-01-02 19:49 - 2017-01-02 19:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\5A6E6D54.sys

2016-12-29 19:49 - 2016-12-29 19:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\47AF34EA.sys

2016-12-27 12:29 - 2017-01-12 14:54 - 00000000 ____D C:\Users\Mike\Desktop\Winter16

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-01-23 14:35 - 2015-09-22 15:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-01-23 14:07 - 2013-12-17 13:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2017-01-23 13:09 - 2014-01-02 14:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2017-01-23 03:29 - 2009-07-13 22:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-01-23 03:29 - 2009-07-13 22:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-01-21 11:28 - 2015-08-23 12:12 - 00000000 ____D C:\Users\Mike\Desktop\Recipes16

2017-01-20 15:34 - 2016-11-26 18:57 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2017-01-20 15:24 - 2009-07-13 23:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI

2017-01-20 15:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf

2017-01-20 15:18 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-01-20 15:16 - 2015-09-08 18:18 - 00000000 ____D C:\Users\Mike\Desktop\Pics

2017-01-20 01:01 - 2013-12-17 21:34 - 00000000 ____D C:\Users\Mike\Documents\InterestingInfo

2017-01-19 08:53 - 2013-12-17 21:53 - 00000000 ____D C:\Users\Mike\Documents\SmokingMeatJeffFile

2017-01-18 15:25 - 2013-12-17 21:33 - 00000000 ____D C:\Users\Mike\Documents\DogStuff

2017-01-18 12:53 - 2013-12-17 21:34 - 00000000 ____D C:\Users\Mike\Documents\Italy

2017-01-17 14:15 - 2014-05-04 09:15 - 00000000 ____D C:\Users\Mike\Documents\Drogas

2017-01-16 09:14 - 2016-12-11 11:51 - 00000000 ____D C:\Users\Mike\Desktop\Tikka

2017-01-15 10:41 - 2016-03-06 15:31 - 00000000 ____D C:\Users\Mike\Desktop\Articles

2017-01-14 13:13 - 2013-12-17 21:34 - 00000000 ____D C:\Users\Mike\Documents\Food Articles

2017-01-14 12:57 - 2013-12-17 21:53 - 00000000 ____D C:\Users\Mike\Documents\Recipes

2017-01-14 02:13 - 2013-12-17 21:53 - 00000000 ____D C:\Users\Mike\Documents\Wikipedia

2017-01-13 08:07 - 2013-12-17 21:53 - 00000000 ____D C:\Users\Mike\Documents\TweedArticles

2017-01-12 15:17 - 2013-12-17 21:53 - 00000000 ____D C:\Users\Mike\Documents\Turmeric

2017-01-12 04:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2017-01-12 03:03 - 2013-12-17 12:03 - 00000000 ____D C:\Windows\system32\MRT

2017-01-12 03:01 - 2013-12-17 12:03 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-01-12 02:50 - 2013-12-17 13:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2017-01-12 02:49 - 2014-12-24 15:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-01-10 16:06 - 2016-07-20 18:24 - 00000000 ____D C:\Users\Mike\Desktop\Cartoons

2017-01-10 09:28 - 2014-04-23 18:12 - 00000000 ____D C:\Users\Mike\Desktop\Movies

2017-01-09 11:43 - 2016-07-07 08:45 - 00000000 ____D C:\Users\Mike\Documents\RetirementStuff

2017-01-09 08:32 - 2013-12-17 21:35 - 00000000 ____D C:\Users\Mike\Documents\KnifeStuff

2017-01-04 23:57 - 2015-03-12 10:16 - 00000000 ____D C:\Users\Mike\Documents\BrainPickings

2017-01-03 11:03 - 2015-05-26 09:13 - 00000000 ____D C:\Users\Mike\Desktop\WordVarious

2017-01-02 16:00 - 2013-12-17 21:33 - 00000000 ____D C:\Users\Mike\Documents\BBQ

2017-01-02 10:44 - 2013-12-17 21:52 - 00000000 ____D C:\Users\Mike\Documents\NewtonCoStuff

2016-12-31 15:53 - 2013-12-17 21:34 - 00000000 ____D C:\Users\Mike\Documents\HealthStuff

2016-12-31 15:52 - 2013-12-17 21:53 - 00000000 ____D C:\Users\Mike\Documents\Strains

2016-12-30 16:44 - 2013-12-17 21:33 - 00000000 ____D C:\Users\Mike\Documents\CaliStuff

2016-12-27 12:31 - 2016-09-22 14:13 - 00000000 ____D C:\Users\Mike\Desktop\Fall16

2016-12-26 13:08 - 2016-10-24 11:14 - 00524288 ___SH C:\Windows\system32\config\components{6c455619-9a05-11e6-bda4-00038a000015}.TMContainer00000000000000000001.regtrans-ms

 

==================== Files in the root of some directories =======

 

2013-12-24 14:36 - 2013-12-24 14:36 - 0000136 _____ () C:\Users\Mike\AppData\Roaming\mbam.context.scan

2013-12-23 08:43 - 2013-12-23 14:27 - 0004608 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-10-30 13:44 - 2014-10-30 13:45 - 0000202 _____ () C:\ProgramData\hpzinstall.log

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-01-23 00:38

 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017

Ran by Mike (23-01-2017 15:04:06)

Running from C:\Users\Mike\Downloads

Windows 7 Professional Service Pack 1 (X64) (2013-12-17 17:27:37)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4197961188-714576266-808560349-500 - Administrator - Disabled)

Guest (S-1-5-21-4197961188-714576266-808560349-501 - Limited - Disabled)

HP_OWNER (S-1-5-21-4197961188-714576266-808560349-1001 - Administrator - Enabled) => C:\Users\HP_OWNER

Mike (S-1-5-21-4197961188-714576266-808560349-1000 - Administrator - Enabled) => C:\Users\Mike

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)

AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)

AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)

Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)

Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)

Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - *Canon Inc.)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)

CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )

Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )

Google Chrome (HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)

Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)

Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Anti-Virus (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Puran Defrag 7.6 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {07A0926D-3B93-4542-A293-9D93B3E1751C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {2790EBF7-9F22-4842-BCF2-591079FAAB66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {2ABD68F6-FB05-4A93-8CD9-05FBCDA5734C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)

Task: {5F9432D7-7778-4B61-B7A1-9A54A1488CB0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

Task: {97D0ACD3-7B8B-4AA9-B335-660342A4CCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {A6F662DE-561D-4DA5-8C9B-AF7EDE21550A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {B0BAD826-55FF-4D0D-BA85-3A7C89BCE42B} - System32\Tasks\{623394EB-E332-4EE6-87FC-185678DA9EE3} => pcalua.exe -a "C:\ProgramData\AOL Downloads\SUD4624\waol-0.4346.19.1.exe" -d C:\Users\Mike\Desktop

Task: {C25D5070-BB51-4587-B189-2AE097F66BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll

2015-12-07 12:21 - 2015-12-07 12:21 - 45365248 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\libcef.dll

2015-12-15 10:14 - 2015-12-15 10:14 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\zlib.dll

2015-12-15 10:14 - 2015-12-15 10:14 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libcef.dll

2015-12-15 10:14 - 2015-12-15 10:14 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libglesv2.dll

2015-12-15 10:14 - 2015-12-15 10:14 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libegl.dll

2015-12-15 10:14 - 2015-12-15 10:14 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\Components\Tier2Svc.dll

2015-12-15 10:14 - 2015-12-15 10:14 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\Components\DataSvcs.dll

2016-05-13 10:07 - 2016-05-13 10:07 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

2016-12-14 15:02 - 2016-12-08 01:29 - 01829208 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\55.0.2883.87\libglesv2.dll

2016-12-14 15:02 - 2016-12-08 01:29 - 00085848 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\55.0.2883.87\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2015-09-22 15:49 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4197961188-714576266-808560349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 10.0.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [sPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{C3E8EF01-3391-440D-8E60-7DFA4FFB6252}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe

FirewallRules: [{99BF0AA0-61CC-4402-91DD-688187EF1C2C}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe

FirewallRules: [{507D92DA-D18F-456B-8580-CF4D7D3D4C34}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

FirewallRules: [{6F25575C-4239-41E2-AF88-A8E4837B1FE8}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

FirewallRules: [{9ECD1C4E-7353-4D91-AE28-3F5E0B6F6894}] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe

FirewallRules: [{4E7E02DE-3224-4EEB-B741-CD4BCE906F97}] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe

FirewallRules: [{934581BF-C000-4943-A1A9-8D708C0DAC5D}] => C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

FirewallRules: [{3617D4CB-7140-499B-8EF7-6114519D869E}] => C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

FirewallRules: [{F500CF40-7A91-41A3-AF7B-C3C6A51D14AC}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{43A258A9-3E67-4B57-971F-C5F555144649}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{80476B99-EE1F-4C04-A3EF-3BD08D4FB9DF}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{489929A1-B33D-450F-9710-BBC963D0F529}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{06DFBD27-BEA0-49DF-9B1C-DB89A93EB606}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe

FirewallRules: [{8B5C5F96-14EA-4F12-9D95-8B28902D0B10}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe

FirewallRules: [{54A0577E-3E4F-4E17-A785-666F27081CBF}] => C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe

FirewallRules: [{D10B1CEC-C576-4E4A-A262-C61C93C61591}] => C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe

FirewallRules: [{48B5CAF3-443C-435D-B13D-92C41E118353}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe

FirewallRules: [{02E4057D-CA37-4B4A-AFDA-1209DE386279}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe

FirewallRules: [{8AF77200-EAEE-46C8-886A-9584425FB642}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

FirewallRules: [{88D1214E-2B23-4A42-AD05-5F9BB4E4824C}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

FirewallRules: [{D080DA85-6382-47D7-AB8E-BD03A8676BA5}] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe

FirewallRules: [{84AB735B-D1AA-41CF-A172-F1CDF3B02D67}] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe

FirewallRules: [{EABF4886-EBCB-439E-BCC4-51D532737B94}] => C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe

FirewallRules: [{8A159DB4-5EB9-4714-AF31-A1E0E954D74F}] => C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe

FirewallRules: [{79A1C0C6-DEA7-45B5-831B-B01DB292203D}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{47F41458-5C50-4009-BC73-121478D3BF8D}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{DC881B37-D9F3-4E8B-B374-E8F09B6F17D4}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{3CCB0AFC-552C-47BF-921C-21E84C782125}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{13C79176-45D2-49E0-A01A-047B42F2A1CD}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe

FirewallRules: [{0DD3A617-96B7-481D-AE9B-C4120FC44844}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe

FirewallRules: [{883D8B11-2CDA-4848-8E6A-FDA27359ACD5}] => C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe

FirewallRules: [{A6A724BC-3293-4F09-BAC8-1980D2D9FEAA}] => C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe

FirewallRules: [{3F4722D1-3B44-4D4A-897A-4399C7F87769}] => C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe

FirewallRules: [{E9658CBE-25EC-4ECD-A959-F1498392F780}] => C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe

FirewallRules: [{8E051556-1681-4B46-BF41-11651985A308}] => C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe

FirewallRules: [{686645B1-A3D8-4D97-8E46-64585B91A100}] => C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe

FirewallRules: [{887AFAF5-9173-4281-BFE1-92FE5FAF4090}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe

FirewallRules: [{DECA53EA-D174-47CE-9CAB-A82A113B469D}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe

 

==================== Restore Points =========================

 

12-01-2017 03:00:16 Windows Update

17-01-2017 11:37:06 Windows Update

20-01-2017 16:22:32 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: WAN Miniport (ATW) #2

Description: WAN Miniport (ATW)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: America Online, Inc.

Service: wanatw

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/23/2017 02:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/22/2017 07:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/22/2017 12:00:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/21/2017 05:00:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/20/2017 10:00:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/19/2017 03:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/18/2017 08:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/18/2017 10:00:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: CNQMUPDT.EXE, version: 2.2.1.0, time stamp: 0x517a49ec

Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8

Exception code: 0xc0000005

Fault offset: 0x000023c6

Faulting process id: 0x10d8

Faulting application start time: 0x01d26cd9fc04d574

Faulting application path: C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

Faulting module path: C:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLL

Report Id: 4954a4e7-dd97-11e6-83d2-00038a000015

 

Error: (01/18/2017 01:00:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/17/2017 06:02:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

 

System errors:

=============

Error: (01/21/2017 03:04:50 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (01/20/2017 03:17:13 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

 

Error: (01/20/2017 02:02:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

 

Error: (01/13/2017 04:06:42 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (01/12/2017 03:19:48 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

 

Error: (01/06/2017 04:15:16 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (01/05/2017 01:05:08 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

 

Error: (12/19/2016 03:29:38 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (12/18/2016 12:59:57 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 12:57:45 PM on ‎12/‎18/‎2016 was unexpected.

 

Error: (12/14/2016 03:35:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

 

CodeIntegrity:

===================================

Date: 2014-10-15 00:27:41.501

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.501

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.501

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.454

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.454

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.454

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.438

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.438

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.423

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-13 00:22:23.266

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: AMD Phenom 8650 Triple-Core Processor

Percentage of memory in use: 47%

Total physical RAM: 5630.49 MB

Available physical RAM: 2958.83 MB

Total Virtual: 11259.17 MB

Available Virtual: 7136.57 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.66 GB) (Free:365.58 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 94549454)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

  • ExTS Admin
Posted

Hi Skyclad,

 

There are only a few orphan entries to remove.

We may as well do that and clean up some other bits.

Ken's idea of trying another mouse sounds good, especially as there's nothing showing in the reports to suggest a problem.

You can pick these up really cheap now.

 

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mike\Downloads.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

 

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

 

Thanks

fixlist.txt

Member of:

UNITE

Posted

Hello Starbuck...

Just a minor glitch here as well as a habit of mine that I hope didn't disrupt the process.. Whenever I download a file or just about anything for that matter, I always save to desktop.. I find things easier that way....:) So, yesterday I downloaded both the FRST and Addition file to desktop.. When I opened the fixlist.txt I saved that to desktop as well............then I clicked "fix" as instructed.. After it finished I got a window saying that I should reboot my system (at that point assuming the download folder mentioned above would show up on desktop after reboot completed).. Bottom line, there was no folder on desktop after the reboot, so not sure how to proceed.. If I need to go to the download folder...........and please forgive me for asking this.........could you fill me in on how to find it? Since I don't download there, and haven't been to that locale in years, my memory needs refreshing.. Please advise on how to proceed..

Thanks again!

  • ExTS Admin
Posted

Hi Skyclad

 

Then this is really confusing.

The Desktop is always the preferred location for downloading our tools..... but not everyone follows our instructions properly.

When I post the fix instructions I always copy the folder that FRST was run from.... from the report itself.

This way there can be no problem with the fixlist being downloaded to the wrong folder.

If you look at the 'header' on the reports, it clearly states:

Ran by Mike (administrator) on HOME (23-01-2017 15:03:20)

Running from C:\Users\Mike\Downloads

Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)

So FRST wasn't run from the Desktop.

The report also bears this out:

2017-01-23 15:03 - 2017-01-23 15:03 - 00014018 _____ C:\Users\Mike\Downloads\FRST.txt

2017-01-23 15:01 - 2017-01-23 15:03 - 00000000 ____D C:\FRST

2017-01-23 15:00 - 2017-01-23 15:01 - 02420736 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe

2017-01-23 15:00 - 2017-01-23 15:01 - 02420736 _____ (Farbar) C:\Users\Mike\Downloads\FRST64 (1).exe

could you fill me in on how to find it? Since I don't download there, and haven't been to that locale in years

If you don't download to the Download folder.... how was FRST run from there?

 

Have a look in the Download folder....

Click Start and then click on your user name..... A list of folders will come up.

Double-click the downloads folder to open it.


Posted

Hi Starbuck...

I went to the download folder per your request and found the fixlog you asked for previously...... Hoping this is what you were wanting.. Let me know..

Thanks!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017

Ran by Mike (24-01-2017 14:45:27) Run:1

Running from C:\Users\Mike\Downloads

Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)

Boot Mode: Normal

==============================================

 

 

fixlist content:

*****************

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3 \psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5 \psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.29.5 \psuser_64.dll => No File

CMD: ipconfig /flushdns

EmptyTemp:

 

 

*****************

 

 

HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully

HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully

HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully

 

 

========= ipconfig /flushdns =========

 

 

 

 

Windows IP Configuration

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

 

 

 

=========== EmptyTemp: ==========

 

 

BITS transfer queue => 12582912 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89918994 B

Java, Flash, Steam htmlcache => 870 B

Windows/system/drivers => 23937527 B

Edge => 0 B

Chrome => 945443013 B

Firefox => 0 B

Opera => 0 B

 

 

Temp, IE cache, history, cookies, recent:

Users => 0 B

Default => 0 B

Public => 0 B

ProgramData => 0 B

systemprofile => 128 B

systemprofile32 => 0 B

LocalService => 0 B

NetworkService => 169048 B

Mike => 28701822 B

HP_OWNER => 0 B

 

 

RecycleBin => 3187000 B

EmptyTemp: => 1 GB temporary data Removed.

 

 

================================

 

 

 

 

The system needed a reboot.

 

 

==== End of Fixlog 14:45:39 ====

  • ExTS Admin
Posted

Hi Skyclad,

 

Hoping this is what you were wanting.. Let me know..

Yep, that's it :)

The next step now is to try another mouse.

Even if you don't buy one.... try and borrow one off somebody.

We just need to rule this out as the problem.

 

Thanks


Posted

Hi Starbuck, and so glad that was what you needed..

In regard to the mouse, I believe I might have one in some random location here in the house.. Will make an effort to find it.. Now here is the issue.............this jumping thing only happens rarely.. It could literally be months for this to happen again.. So, when it does, I suspect the plan to quickly switch out to the different mouse and check if it continues, right? Please let me know if you have something else in mind..

While we are waiting on that, I did have a security issue I wanted to check out with you.........but I suspect I should create another thread for that.....:) Will be in touch about that before long..

Thanks again so much for your help, and will now endeavor to find that other mouse...:)

 

 

 


  • ExTS Admin
Posted

Hi Skyclad,

 

this jumping thing only happens rarely.. It could literally be months for this to happen again.

With that sort of timescale it will be quite difficult to pin it down.

 

when it does, I suspect the plan to quickly switch out to the different mouse and check if it continues, right?

You could do, the only problem there is that you stated earlier...

The only way I have "fixed" this in the past is to reboot my computer, and even this sometimes doesn't work..
So just changing the mouse and restarting the system won't tell you whether it's a change of mouse or rebooting the system that may fix it.

Maybe best to change it anyway and then see if the problem occurs in the future.

 

While we are waiting on that, I did have a security issue I wanted to check out with you.........but I suspect I should create another thread for that...

If the security problem is related to this system, then you can post about it in this thread.

It only requires posting in another thread if it relates to another system.

This saves confusion.


Posted
The next step now is to try another mouse........We just need to rule this out as the problem.

I suggested this earlier and the OP ignored my post ..... so I deleted it.

 

If the OP doesn't re-boot he should be able to see if the new mouse is giving the same problem.


  • ExTS Admin
Posted

FRST can now be removed:

 

Right click on the FRST icon and select delete.

Right click on any fixlog.txt or fixlist.txt files and select delete.

Navigate to: C:\frst and delete the frst folder

 

As this problem is not malware related, I'll move the thread to the Hardware forum so that anyone can reply.


Posted

Hi Starbuck...

That sounds good, and I will follow up once I find the Mouse and the screen begins jumping up and down again....

Regarding my current issue.......please let me know if I need to post this elsewhere, as I'm not for sure if this is a "security" issue..

I just wanted to address something that has been going on for a while, both with Internet Explorer (a while back) and with Google Chrome (currently).. Whenever I see a page I want to save to the computer, I click on "Save As" and the download begins to the designated spot (usually desktop).. However, in many instances the download does not complete (especially with large pages/downloads) but stops usually about 3/4 of the way through and just stops/freezes..........eventually stating that the download was cancelled if left in that state for a bit.. Am I doing something wrong? Wondering if you have any ideas about how to fix this so I can download normally again.. Please advise..

Thanks again for any info you can provide...!!

Posted

All above files are now deleted.. Also, sounds good on the transfer to Hardware Forum... Thanks for your help on this!

S
