Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W10 - chinese filenames in recent with 0 kb size and no creation date


  • This topic is locked This topic is locked
13 replies to this topic

#1 Jayroddd

Jayroddd

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 18 June 2016 - 02:37 PM

Hello everyone,

 

This is my first post to the Bleeping Computer community. I am thankful that such a large volunteer effort exists to help with serious computer problems. You are probably appreciated more than you know.

 

Over the last few months, I've noticed strange filenames in my recent files with 0 kb filesize and no creation date. They appear to be chinese characters but I'm not 100% sure. I tried Google Translate to no avail.

 

Pic:

http://imgur.com/EuxFdEh

 

They would appear to be generated by some (malware?) process and subsequently deleted (they are not on the desktop), and are not in the recycle bin. Would this indicate an infection?

 

This is some of my info:

OS: Windows 10 Home 64-Bit

Antivirus: Windows Defender, MalwareBytes Anti-Malware (nothing found)

 

I've noted a similar thread to Bleeping Computer that appears to have been solved, but I wanted to create a new topic since I'm sure the different computer environments dictate different strategies. Similar thread: http://www.bleepingcomputer.com/forums/t/597789/strange-files-in-recent-files-list-files-have-chinese-names-and-zero-byte-size/

 

Thank you for your help.

 



BC AdBot (Login to Remove)

 


#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 22 June 2016 - 05:55 AM

Sorry for the wait. To better help you I will need you to do this:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Once you post those logs I will need 24 to 48 hours to process them.
To err is Human. To blame it on someone else is even more Human.

#3 Jayroddd

Jayroddd
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 22 June 2016 - 08:43 PM

Thanks Bezukhov, I'm a big Jazz fan as well!

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by jk (administrator) on JK-PC (22-06-2016 21:39:58)
Running from C:\Users\jk\Desktop
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Users\jk\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-04-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-06-06] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\Run: [AceStream] => C:\Users\jk\AppData\Roaming\ACEStream\engine\ace_engine.exe [27000 2015-12-17] ()
HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\MountPoints2: {68d3401b-f363-11e5-ba71-408d5c728f9c} - "E:\SISetup.exe" 
HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\MountPoints2: {fdc67906-e7ff-11e5-ba71-408d5c728f9c} - "E:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2016-03-12]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-01-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87e9d13c-06b0-4c8c-8f84-30373ec006f5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\hwslm4xi.default
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1373234821-862175783-1456849790-1001: @acestream.net/acestreamplugin,version=3.1.2 -> C:\Users\jk\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF Extension: NoScript - C:\Users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\hwslm4xi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-06-08]
FF Extension: Ghostery - C:\Users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\hwslm4xi.default\Extensions\firefox@ghostery.com.xpi [2016-06-08]
FF Extension: uBlock Origin - C:\Users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\hwslm4xi.default\Extensions\uBlock0@raymondhill.net.xpi [2016-06-08]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\jk\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: Ace Stream Web Extension - C:\Users\jk\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/news
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-27]
CHR Extension: (Google Docs) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-27]
CHR Extension: (Task Timer) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-01-04]
CHR Extension: (Google Drive) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-27]
CHR Extension: (CIRC) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebigdkelppomhhjaaianniiifjbgocn [2016-02-12]
CHR Extension: (YouTube) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-27]
CHR Extension: (Honey) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-06-10]
CHR Extension: (Timerrr - simple timer) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkegagbhdddkdpigndjjhdjdmcepfcp [2016-01-04]
CHR Extension: (Google Cast) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-23]
CHR Extension: (uBlock Origin) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-02]
CHR Extension: (Google Search) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-27]
CHR Extension: (Google Sheets) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-27]
CHR Extension: (IRC QuakeNet webchat) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhaphniflbbhhfailihfckiifpbgeokd [2016-01-04]
CHR Extension: (Rdio Remote) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gacogbklfcapnokldhkhpcecoghbnmlh [2016-01-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (The Camelizer) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-04-26]
CHR Extension: (PriceZombie Price Tracker & Price Comparison) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppjmcjmigdbfnpilblnogepgpolhcho [2016-01-04]
CHR Extension: (MyFitnessPal Food Diary Percentages) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\iihalhcnelmolmliablkcmhahdnfcejf [2016-01-04]
CHR Extension: (Clearly) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2016-01-04]
CHR Extension: (ReChat for Twitch™) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-03-02]
CHR Extension: (Mini Player for YouTube, Vimeo & Facebook) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lebpfaphdkaekngclmiimpneheenipnn [2016-01-04]
CHR Extension: (Linkclump) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2016-01-04]
CHR Extension: (Ace Stream Web Extension) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-27]
CHR HKU\S-1-5-21-1373234821-862175783-1456849790-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-04-03] (Advanced Micro Devices) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [30320 2015-09-22] (Microsoft)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2105352 2016-01-30] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-06-06] (Plays.tv, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [296648 2016-04-04] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-04-04] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-04-03] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-09-04] (Intel Corporation)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-22 21:39 - 2016-06-22 21:40 - 00024606 _____ C:\Users\jk\Desktop\FRST.txt
2016-06-22 21:39 - 2016-06-22 21:39 - 00000000 ____D C:\FRST
2016-06-22 21:38 - 2016-06-22 21:39 - 02387456 _____ (Farbar) C:\Users\jk\Desktop\FRST64.exe
2016-06-18 13:01 - 2016-06-18 13:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-18 12:48 - 2016-06-18 13:07 - 00000000 ____D C:\Users\jk\Documents\Kat KPMG laptop files
2016-06-14 22:44 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-14 22:44 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-14 22:44 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-14 22:44 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-14 22:44 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-14 22:44 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-14 22:44 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-14 22:44 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-14 22:44 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-14 22:44 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-14 22:44 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-14 22:44 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-14 22:44 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-14 22:44 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-14 22:44 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-14 22:44 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-14 22:44 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-14 22:44 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-14 22:44 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-14 22:44 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-14 22:44 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-14 22:44 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-14 22:44 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-14 22:44 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-14 22:44 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-14 22:44 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-14 22:44 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-14 22:44 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-14 22:44 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-14 22:44 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-14 22:44 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-14 22:44 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-14 22:44 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-14 22:44 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-14 22:44 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-14 22:44 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-14 22:44 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-14 22:44 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-14 22:44 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-14 22:44 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-14 22:44 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-14 22:44 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-14 22:44 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-14 22:44 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-14 22:44 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-14 22:44 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-14 22:44 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-14 22:44 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-14 22:44 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-14 22:44 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-14 22:44 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-14 22:44 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-14 22:44 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-14 22:44 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-14 22:44 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-14 22:44 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-14 22:44 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-14 22:44 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-14 22:44 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-14 22:44 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-14 22:44 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-14 22:44 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-14 22:44 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-14 22:44 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-14 22:44 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-14 22:44 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-14 22:44 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-14 22:44 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-14 22:44 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-14 22:44 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-14 22:44 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-14 22:44 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-14 22:44 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-14 22:44 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-14 22:44 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-14 22:44 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-14 22:44 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-14 22:44 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-14 22:44 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-14 22:44 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-14 22:44 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-14 22:44 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-14 22:44 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-14 22:44 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-14 22:44 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-14 22:44 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-14 22:44 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-14 22:44 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-14 22:44 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-14 22:44 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-14 22:44 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-14 22:44 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-14 22:44 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-14 22:44 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-14 22:44 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-14 22:44 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-14 22:44 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-14 22:44 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-14 22:44 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-14 22:44 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-14 22:44 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-14 22:44 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-14 22:44 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-14 22:44 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-14 22:44 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-14 22:44 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-14 22:44 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-14 22:44 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-14 22:44 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-14 22:44 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-14 22:44 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-14 22:44 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-14 22:44 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-14 22:44 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-14 22:44 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-14 22:44 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-14 22:44 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-14 22:44 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-14 22:44 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-14 22:44 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-14 22:44 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-14 22:44 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-14 22:44 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-14 22:44 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-14 22:44 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-14 22:44 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 22:44 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-14 22:44 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-14 22:44 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-14 22:44 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-14 22:44 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-14 22:44 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-14 22:44 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-14 22:44 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-14 22:44 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-14 22:44 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-14 22:44 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-14 22:44 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-14 22:44 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-14 22:44 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-14 22:44 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-14 22:44 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-14 22:44 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-14 22:44 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-14 22:44 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-14 22:44 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-14 22:44 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-14 22:44 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-14 22:44 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-08 21:20 - 2016-06-08 21:26 - 00000000 ____D C:\Users\jk\AppData\Local\Mozilla
2016-06-08 21:20 - 2016-06-08 21:20 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-08 21:20 - 2016-06-08 21:20 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-08 21:20 - 2016-06-08 21:20 - 00000000 ____D C:\Users\jk\AppData\Roaming\Mozilla
2016-06-08 21:20 - 2016-06-08 21:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-08 21:20 - 2016-06-08 21:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 21:19 - 2016-06-08 21:19 - 00307200 _____ (Secure By Design Inc.) C:\Users\jk\Downloads\Ninite Firefox Installer.exe
2016-06-05 13:44 - 2016-06-05 13:59 - 00000000 ____D C:\Users\jk\Desktop\L pics
2016-06-03 20:24 - 2016-06-03 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 05:13 - 2016-06-02 05:13 - 00000000 ____D C:\Users\jk\.cache
2016-06-01 16:59 - 2016-06-01 16:59 - 00000000 ____D C:\Users\jk\AppData\Roaming\mpv
2016-06-01 16:49 - 2016-06-01 16:50 - 00000000 ____D C:\Users\jk\AppData\Roaming\mps-youtube
2016-06-01 16:47 - 2016-06-01 16:48 - 00000000 ____D C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-06-01 16:47 - 2016-06-01 16:47 - 00000000 ____D C:\Users\jk\AppData\Local\Package Cache
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-22 21:38 - 2015-12-29 14:02 - 00000000 ____D C:\Users\jk\AppData\Roaming\Raptr
2016-06-22 21:37 - 2015-12-27 13:47 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-22 21:36 - 2016-03-06 23:09 - 00000000 ____D C:\Users\jk\AppData\Roaming\PlaysTV
2016-06-22 21:36 - 2015-12-27 23:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-22 21:36 - 2015-12-27 13:48 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-22 21:36 - 2015-12-27 13:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-22 21:36 - 2015-12-27 12:57 - 00000000 ____D C:\Users\jk
2016-06-22 21:36 - 2015-12-27 06:33 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-22 21:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-22 21:36 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-22 21:35 - 2015-12-27 12:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-22 21:35 - 2015-12-27 12:56 - 00337392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-18 23:12 - 2015-12-27 13:22 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-06-18 23:12 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-18 23:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-18 23:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-18 23:12 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-18 22:53 - 2015-12-27 13:48 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-18 22:48 - 2015-12-27 06:33 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-18 13:55 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-18 13:04 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 13:01 - 2015-12-27 14:51 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-18 13:01 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-18 13:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-18 12:58 - 2015-12-27 13:18 - 00000000 ____D C:\Users\jk\AppData\Local\Packages
2016-06-18 12:50 - 2015-12-27 06:34 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 12:50 - 2015-12-27 06:34 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 16:40 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-15 09:36 - 2015-12-27 15:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 09:35 - 2015-12-27 15:52 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 22:33 - 2015-12-27 13:02 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-12 09:52 - 2015-12-29 12:22 - 00000000 ____D C:\Users\jk\AppData\Roaming\vlc
2016-06-11 14:31 - 2015-12-27 13:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-08 22:58 - 2016-05-06 21:59 - 00000000 ____D C:\Users\jk\AppData\Roaming\.ACEStream
2016-06-03 20:24 - 2015-12-27 13:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-02 05:48 - 2015-12-27 06:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-01 16:47 - 2015-12-27 13:22 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-28 01:55 - 2015-12-27 12:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-24 16:16 - 2015-12-27 13:19 - 00002389 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-24 16:16 - 2015-12-27 13:19 - 00000000 ___RD C:\Users\jk\OneDrive
 
Files to move or delete:
====================
C:\Users\jk\ffmpeg.exe
C:\Users\jk\ffplay.exe
C:\Users\jk\ffprobe.exe
 
 
Some files in TEMP:
====================
C:\Users\jk\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\jk\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\jk\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\jk\AppData\Local\Temp\playstv_patch.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-15 09:35
 
==================== End of FRST.txt ============================
 
Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by jk (2016-06-22 21:40:23)
Running from C:\Users\jk\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-27 17:17:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1373234821-862175783-1456849790-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1373234821-862175783-1456849790-503 - Limited - Disabled)
Guest (S-1-5-21-1373234821-862175783-1456849790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1373234821-862175783-1456849790-1002 - Limited - Enabled)
jk (S-1-5-21-1373234821-862175783-1456849790-1001 - Administrator - Enabled) => C:\Users\jk
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Ace Stream Media 3.1.2 (HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\AceStream) (Version: 3.1.2 - Ace Stream Media) <==== ATTENTION
ACP Application (Version: 2016.0403.2316.14 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 7.9 - Codeusa Software)
Catalyst Control Center Next Localization BR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.)
D2SE V2.2.0 (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics)
LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.5.1103 - Microsoft Garage)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.11.2-r113542-release - Plays.tv, LLC)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L30 - PFU)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version:  - The SKSE Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.14.49.1020 - Electronic Arts Inc.)
The Ultimate DOOM (HKLM\...\Steam App 2280) (Version:  - id Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-1373234821-862175783-1456849790-1001\...\WinDirStat) (Version:  - )
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1373234821-862175783-1456849790-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jk\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010B0656-DD73-46C4-84AA-C7CEB34E8242} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {0166E9E8-2A59-41F2-8C66-71495BE837E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {0D30CB81-5F22-4538-9789-13E69F14A068} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0F9B28A5-B399-4E7B-97B1-D025F4E488A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {102202A2-E1F1-4161-8CEC-F0BEED035806} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2A75D83B-6CEC-4D09-B756-B284973949F3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2C4C6088-5D1F-434B-B90E-6DC494826A63} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {3AD3D059-2BB2-47C4-AC45-D2A86C33D314} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3C1445E6-0966-4014-9220-8D1AA350FC64} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {3F2F527D-1C48-45C9-B347-E7EAAA8A25E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {41EC3B20-6BE8-4E41-9F17-84EC730CE042} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4514F33C-9A08-43C3-A0C6-7C0B60378665} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {495E49CF-67EE-44F2-B268-9AE056F4D3AD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4A84F5DE-356F-4505-A5B8-BC91E1332F69} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {4DAB9A5C-93DD-4766-A9DD-93DE94E92858} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {53B54860-05A1-4AB9-ACB1-4195519E125A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-27] (Dropbox, Inc.)
Task: {620A0022-BFD2-4655-B228-201F6BB55EAB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {65AA2D22-54B4-4BCC-8F09-218D8735712A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6FAF7D3E-B4AB-4C51-A878-B46754D2CD21} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {826921CC-7BB1-41D4-8CE4-36F1A542F4F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {8B61EBFC-1BA5-409F-92EB-A18216A1893C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {921970F5-8200-4A43-B999-07D3C717BFB0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9552D17A-7AE3-4B7F-A800-B27739A33AB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {9F96A723-5D3D-43D1-ACD0-57C98C3316CD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {9FBA5F06-397A-41FA-A63D-16854A903E31} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft)
Task: {A176C0B7-05A6-4EFC-8B4E-3A905E14B275} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {AAC72902-AC61-4220-A48A-E6AC8B9C113B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] ()
Task: {AF19987E-92D6-4552-968B-0AA3BE87EAF2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B281D470-A9D8-4CA8-A7B4-CAFC595DE3BB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B7C68A35-D00C-4409-B260-C70347BDA4C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {BA307B9F-77A2-4A77-A7DA-543DD430CC94} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {BB354A14-AE41-463F-A7A7-CF10C8A2CED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {D1D0ABEB-B70C-4AA3-8668-D5FEB24AAFD2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {E012B178-7D29-4271-8B3D-3714C361C994} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-27] (Dropbox, Inc.)
Task: {E6E28F6F-FCBF-4724-A17B-34DD5B845005} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F2AC67E1-FA48-4377-A165-52BDB9019EBE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {F3387ECC-C8FC-48FF-AEE9-6BC089B73894} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F757048B-D34D-471E-8205-B9092E4A70EE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F803E256-03F4-44F6-B169-8039FA7CB760} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F98D0EA2-EB04-42E0-B9C0-F0265B46841D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CIRC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bebigdkelppomhhjaaianniiifjbgocn
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-02 16:48 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2016-04-02 16:48 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-04-12 22:46 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:46 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 16:16 - 2016-05-24 16:16 - 00959168 _____ () C:\Users\jk\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-04-15 16:13 - 2015-04-15 16:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-19 23:45 - 2016-04-19 23:45 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-27 15:50 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 22:17 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-14 22:44 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-14 22:44 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-14 22:44 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-14 22:44 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 20:26 - 2015-12-17 20:26 - 00027000 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\ace_engine.exe
2015-11-24 16:48 - 2015-11-24 16:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 16:46 - 2015-11-24 16:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 16:48 - 2015-11-24 16:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 16:46 - 2015-11-24 16:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 16:48 - 2015-11-24 16:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 16:57 - 2015-12-07 16:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-02-22 22:17 - 2016-06-10 03:58 - 08919752 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 23:45 - 2016-04-19 23:45 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 23:45 - 2016-04-19 23:45 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-24 16:16 - 2016-05-24 16:16 - 00679624 _____ () C:\Users\jk\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-17 20:27 - 2015-12-17 20:27 - 00309248 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-04-16 08:27 - 2015-04-16 08:27 - 00018944 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2014-01-23 07:37 - 2014-01-23 07:37 - 00036352 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2015-04-16 08:27 - 2015-04-16 08:27 - 02386432 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2015-12-17 20:24 - 2015-12-17 20:24 - 02997760 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2013-12-21 09:20 - 2013-12-21 09:20 - 00053248 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00106496 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 09:20 - 2013-12-21 09:20 - 00040448 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\select.pyd
2015-12-17 17:19 - 2015-12-17 17:19 - 00240232 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
2015-04-16 08:29 - 2015-04-16 08:29 - 00112142 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 11:02 - 2011-02-13 11:02 - 00031232 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2015-12-17 20:46 - 2015-12-17 20:46 - 04100608 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2010-10-10 18:23 - 2010-10-10 18:23 - 00723968 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 12:20 - 2013-01-29 12:20 - 00082944 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2012-02-07 12:37 - 2012-02-07 12:37 - 00167424 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
2012-02-07 12:36 - 2012-02-07 12:36 - 00035840 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00688128 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2015-04-16 08:29 - 2015-04-16 08:29 - 00061952 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 12:20 - 2013-01-29 12:20 - 00066048 _____ () C:\Users\jk\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2015-12-27 13:49 - 2016-05-05 06:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-03 20:24 - 2016-05-05 06:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-03 20:24 - 2016-05-05 06:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-27 13:49 - 2016-05-05 06:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-27 13:49 - 2016-05-05 06:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-27 13:49 - 2016-05-31 14:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-03 20:24 - 2016-05-05 06:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-27 13:49 - 2016-05-31 14:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-27 13:49 - 2016-05-05 06:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-27 13:49 - 2016-05-05 06:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-27 13:49 - 2016-05-31 14:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-03 20:24 - 2016-05-05 06:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-18 23:21 - 2016-05-31 14:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-18 23:21 - 2016-05-31 14:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-03 20:24 - 2016-05-05 06:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-03 20:24 - 2016-05-31 14:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-27 13:49 - 2016-05-05 06:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-03 20:24 - 2016-05-05 06:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-18 23:21 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 23:21 - 2016-05-31 14:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-18 23:21 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-27 13:49 - 2016-05-31 14:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 23:21 - 2016-05-31 14:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-03 20:24 - 2016-05-05 06:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-03 20:24 - 2016-05-31 14:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-03 20:24 - 2016-03-11 20:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-03 20:24 - 2016-05-31 14:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-03 20:24 - 2016-05-31 14:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-27 13:49 - 2016-05-05 06:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-27 13:49 - 2016-05-05 06:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-15 22:17 - 2016-05-31 14:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-27 13:49 - 2016-05-31 14:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-03 20:24 - 2016-05-31 14:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-12-27 23:33 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-12-27 23:33 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-12-27 23:33 - 2016-06-14 20:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-12-27 23:33 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-12-27 23:33 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-12-27 23:33 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-12-27 23:33 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-12-27 23:33 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-12-27 23:33 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-12-27 23:33 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-12-27 23:33 - 2016-06-14 20:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 23:11 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-12-27 23:33 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 16:29 - 2015-10-21 16:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2011-05-10 15:01 - 2011-05-10 15:01 - 00030208 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\simplejson._speedups.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00024064 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32pipe.pyd
2015-06-26 19:09 - 2015-06-26 19:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2015-11-24 16:43 - 2015-11-24 16:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-24 16:48 - 2015-11-24 16:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-06-26 19:09 - 2015-06-26 19:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\amd_ags.dll
2015-11-24 16:47 - 2015-11-24 16:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-21 16:29 - 2015-10-21 16:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-05-26 18:50 - 2016-05-26 18:50 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2016-06-18 12:50 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 12:50 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 13:08 - 2016-04-19 13:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1373234821-862175783-1456849790-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{ED017FE5-8E76-44E4-8D67-D117531140DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A91E324-0B22-4521-A7FA-51A0F59CB5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D5F78E2-31CF-48EF-9491-35541233E025}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C7E682EC-8100-4602-B864-D64A8A627B5F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E51E8244-DECB-4417-9049-A0EB81E6C6EB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B1D30F2A-A050-4FAE-B0E9-6F20D1FDAD0C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{908C6597-5ECE-4FB1-B42E-939D16B3B669}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1C45E4B5-4E19-4232-AF5F-1242424FB3ED}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0A11F6B-6D88-4921-A7D4-D545357880C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7910D7D-0B0E-494B-824D-AEFCEF11A316}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0B9D54C3-896C-4AB7-BE27-CA4EF96D0E89}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{43AE1285-58D5-4EBB-B48C-7E918A9B9708}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8ABEA62A-CBCA-4215-8EA9-8524D2A8BA7A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7F10DD58-F459-4C0A-BE16-87C08FEE51B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{37B0878A-262C-47C8-B2C5-9A3ADDA7E4D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{ECC4D04A-8BB6-482C-A7DA-B3785D948C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{31D106EA-BBCA-4D06-B003-B0C0EA9A4D84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{72B52BD0-482C-4656-8258-5D220E8E9858}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{950037A3-E893-4902-91CD-C1D99C524603}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EC49D9F8-35E5-4789-B7C4-5B67565F03C4}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{8F6661EC-8633-4AA9-B307-6FE3028FBE17}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{0D6EA40B-7310-4388-AE77-759242C991E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{2876A011-3529-4684-8DDC-E85BBC64D10C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{48F12CFD-2C88-49EA-9C43-1BF43FC98BEA}] => (Allow) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
FirewallRules: [{3575AC5C-57BE-4E6F-9ECA-0AF65D06001C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{08E185F4-39B0-45FD-8185-81754C8497B5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0D1919C6-977D-4340-A7EA-5359CAFEDD0D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1B8F303C-19A6-4BD5-A96D-E2D2460FD69C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{10F5BB52-CC31-411A-9CDA-47C8EE88FB01}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{53BC93FF-F361-4C7C-9863-F59E80FDDF70}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{6BCD97B1-9A2D-45EE-89A5-B29F8F683ADC}] => (Allow) LPort=9100
FirewallRules: [{0A2C2DB6-4CFC-4104-8C7E-382CBE0E1F9A}] => (Allow) LPort=427
FirewallRules: [{16BAEA10-7FDD-4861-82B5-04F7E37DBA57}] => (Allow) LPort=161
FirewallRules: [TCP Query User{EFF94192-4C4B-4F23-847F-CC18D66EAD30}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B872CF1B-4E33-4A0A-AAD4-8F83F6B0BEBE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{279B3B80-0BEB-4EA3-931B-57AE2040F0AF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{3FC15556-EA72-41F8-804A-35B2AA20914C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CCEA0920-A419-45A6-912E-CC79D5D3D466}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{67F1CAEA-E039-42CB-A053-A8517ABF6062}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{38512E5C-A115-4FD4-A958-A5F8EAE22F45}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{7CD50753-BDFE-441E-94BE-4A06F6880CBB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{4F6C1FCD-1E36-403C-89A3-C3F1C35A263A}C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{4A3904C5-74B8-473F-B33E-22D6399176D9}C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{1CD3BD7D-68B1-4242-BD5F-60ABFDDCDA87}] => (Block) C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{4E3A0647-312B-401B-991E-9ACC02A543B1}] => (Block) C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{1E79499E-B6FB-4511-BE71-A14308AE43B6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5C1858DE-7F98-4652-9597-C9D8848B2CB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{9C2F2C92-52DB-43C1-B635-399CED29FBAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{166042C9-695E-4299-A225-88D415B5DF37}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
FirewallRules: [{4376C6C0-7E1C-45E7-9871-0A6D26A32837}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5D0D79E2-E04A-4C4B-854D-E39DF5C152EC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A30A5B2C-EA2B-4107-B1A5-7950C47ADA63}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D8A967BF-4E0C-4ED1-924E-84C97775AE8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27AC2CEE-DDE2-417D-9303-9E336DA7260E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C06B5DCC-AFC1-4D62-940C-C7A073FFE034}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2016 01:02:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: jk-PC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/18/2016 01:00:56 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: jk-PC)
Description: Application or service 'Microsoft Excel' could not be shut down.
 
Error: (06/18/2016 01:00:56 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: jk-PC)
Description: Application or service 'Office Telemetry Agent' could not be shut down.
 
Error: (06/15/2016 09:36:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (06/01/2016 09:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x564
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (06/01/2016 09:44:18 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1380) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (06/01/2016 03:30:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: jk-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/28/2016 01:18:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: jk-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/12/2016 10:08:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: jk-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/12/2016 09:15:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
System errors:
=============
Error: (06/22/2016 09:37:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/22/2016 09:37:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/22/2016 09:35:12 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
 
Error: (06/18/2016 11:11:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2597cef8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/18/2016 11:11:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2597cef8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/18/2016 11:11:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2597cef8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/18/2016 11:11:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2597cef8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/18/2016 01:02:33 PM) (Source: DCOM) (EventID: 10001) (User: jk-PC)
Description: "C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer15616App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mcaUnavailableUnavailable
 
Error: (06/15/2016 10:19:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_249da92e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/15/2016 10:19:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_249da92e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-22 21:40:37.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-22 21:40:37.031
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-22 21:40:37.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-22 21:35:52.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-18 13:07:36.948
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 13:07:36.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 13:07:36.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 13:07:36.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 13:07:36.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 13:07:36.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 8144.61 MB
Available physical RAM: 5016.36 MB
Total Virtual: 16336.61 MB
Available Virtual: 12653.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.25 GB) (Free:28.81 GB) NTFS
Drive d: (WD 1TB) (Fixed) (Total:931.51 GB) (Free:847.17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4B654968)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C16C8B1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 23 June 2016 - 08:45 PM

One question, when did these files first start showing up?

Going over your logs I noticed you have System Restore disabled. Is this something that you chose?

I see you have Ace Stream installed. This is considered an undesirable program because one, it uses a Peer to Peer network to stream, always a risky proposition since it leaves you vulnerable to infection from another computer on that network, and two, it does have an adware module built in.

http://magicplayer.acestream.org/license_en.html

I strongly advise that Ace Stream be removed, along with any browser extensions that use Ace Stream.

To remove an extension from Google Chrome:
  • On your browser, click menu OJLhvM9.jpg
  • Select More tools > Extensions.
  • On the extension you want to remove, click Remove from Chrome kWPZE7C.jpg.
  • A notice to remove the extension will appear. Click Remove.
If an extension has an icon in your Chrome toolbar, you can right-click on the icon and select Remove from Chrome to uninstall the extension.

For Firefox

How to remove extensions and themes
  • Click the menu button 2014-01-10-13-08-08-f52b8c.png and choose Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to remove.
  • Click the Remove button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
We need to remove programs using "Add/Remove Programs"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Ace Stream

Additional instructions can be found here if needed.

Last, please run the following tool.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
Any questions or concerns please let me know.
To err is Human. To blame it on someone else is even more Human.

#5 Jayroddd

Jayroddd
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 23 June 2016 - 10:09 PM

I don't believe I chose for System Restore to be deactivated.

 

I wasn't aware that Ace Stream was dangerous, I uninstalled it immediately using the "Uninstall a Program" in W10, and made sure Google/Firefox had no extensions for it. 

 

EDIT: I realize I didn't answer your question about how long it has been. I think I've been seeing these files be generated every few weeks for the last 1-2 months.

 

AdwCleaner log below. It looks as if there are still remnants of Ace on my computer.

 

# AdwCleaner v5.200 - Logfile created 23/06/2016 at 23:06:25
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-23.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : jk - JK-PC
# Running from : C:\Users\jk\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\jk\AppData\LocalLow\.acestream
Folder Found : C:\Users\jk\AppData\Roaming\.acestream
Folder Found : C:\Users\jk\AppData\Roaming\acestream
Folder Found : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ Files ] *****
 
File Found : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
File Found : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\acestream
Key Found : HKU\S-1-5-21-1373234821-862175783-1456849790-1001\Software\Classes\acestream
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{4F6C1FCD-1E36-403C-89A3-C3F1C35A263A}C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{4A3904C5-74B8-473F-B33E-22D6399176D9}C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1CD3BD7D-68B1-4242-BD5F-60ABFDDCDA87}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4E3A0647-312B-401B-991E-9ACC02A543B1}]
 
***** [ Web browsers ] *****
 
[C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bmnlcjabgnpnenekpadlanbbkooimhnj
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [2282 bytes] - [23/06/2016 23:06:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2355 bytes] ##########

Edited by Jayroddd, 23 June 2016 - 10:19 PM.


#6 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 25 June 2016 - 09:55 AM

First off we need to re-enable System Restore.

  • Right click the Start button then Control Panel > System. On the left pane choose System Protection.
  • In the System Properties Window, under Protection Settings choose the drive OS(C:)(System). It will turn Blue.
  • Click the Configure below.
  • In this new Window System Protection for OS(C:) make sure System Protection is turned on.
  • Beneath that use the slider to set the amount of disk space you want to use, 5 to 10 percent is a usual. Now click OK.
  • Back to the System Properties Window. At the bottom click Create to make a Restore point immediately.

If by any chance you are greeted with any Error Messages when doing the above, let me know.

Now we run AdwCleaner once more. Note the extra step in Red.

  • Double click on AdwCleaner.exe to run the tool.
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Now we should take another look with another tool.

Download 51a46ae42d560-malwarebytes_anti_malware.MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.
    Any question please ask. 


To err is Human. To blame it on someone else is even more Human.

#7 Jayroddd

Jayroddd
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 25 June 2016 - 04:04 PM

No issues with system restore.
 
# AdwCleaner v5.200 - Logfile created 25/06/2016 at 16:55:15
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-25.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : jk - JK-PC
# Running from : C:\Users\jk\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\jk\AppData\LocalLow\.acestream
[-] Folder Deleted : C:\Users\jk\AppData\Roaming\.acestream
[-] Folder Deleted : C:\Users\jk\AppData\Roaming\acestream
[-] Folder Deleted : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
[-] File Deleted : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\acestream
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{4F6C1FCD-1E36-403C-89A3-C3F1C35A263A}C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{4A3904C5-74B8-473F-B33E-22D6399176D9}C:\users\jk\appdata\roaming\acestream\engine\ace_engine.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1CD3BD7D-68B1-4242-BD5F-60ABFDDCDA87}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4E3A0647-312B-401B-991E-9ACC02A543B1}]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2359 bytes] - [25/06/2016 16:55:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [2434 bytes] - [23/06/2016 23:06:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [2715 bytes] - [23/06/2016 23:16:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [2580 bytes] - [25/06/2016 16:54:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2651 bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/25/2016
Scan Time: 4:59 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.25.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: jk
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301164
Time Elapsed: 3 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Scan, 6/25/2016 3:01 AM, SYSTEM, JK-PC, Context, Start:6/25/2016 2:58 AM, Duration:3 min 4 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Scheduler, Domain Database, 2016.6.24.9, 2016.6.25.1, 
Update, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Scheduler, Malware Database, 2016.6.25.1, 2016.6.25.2, 
Protection, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Protection, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/25/2016 6:44 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Started, 
Update, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Scheduler, IP Database, 2016.6.24.1, 2016.6.25.1, 
Update, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Scheduler, Domain Database, 2016.6.25.1, 2016.6.25.2, 
Protection, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Protection, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/25/2016 7:40 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Started, 
Update, 6/25/2016 8:24 AM, SYSTEM, JK-PC, Scheduler, IP Database, 2016.6.25.1, 2016.6.25.2, 
Protection, 6/25/2016 8:24 AM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 8:24 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 8:24 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 8:25 AM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Protection, 6/25/2016 8:25 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/25/2016 8:25 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Started, 
Update, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Scheduler, Domain Database, 2016.6.25.2, 2016.6.25.3, 
Protection, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Protection, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/25/2016 8:42 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Started, 
Update, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Scheduler, Malware Database, 2016.6.25.2, 2016.6.25.3, 
Protection, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Protection, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/25/2016 9:41 AM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Started, 
Update, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Scheduler, Domain Database, 2016.6.25.3, 2016.6.25.4, 
Protection, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Protection, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/25/2016 1:48 PM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Started, 
Protection, 6/25/2016 4:46 PM, SYSTEM, JK-PC, Protection, Malware Protection, Stopping, 
Protection, 6/25/2016 4:46 PM, SYSTEM, JK-PC, Protection, Malware Protection, Stopped, 
Protection, 6/25/2016 4:46 PM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/25/2016 4:46 PM, SYSTEM, JK-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/25/2016 4:58 PM, SYSTEM, JK-PC, Protection, Malware Protection, Stopping, 
Protection, 6/25/2016 4:58 PM, SYSTEM, JK-PC, Protection, Malware Protection, Stopped, 
Update, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Manual, Remediation Database, 2016.2.12.1, 2016.6.21.1, 
Update, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1, 
Update, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Manual, IP Database, 2016.2.8.1, 2016.6.25.2, 
Update, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Manual, Domain Database, 2016.2.16.8, 2016.6.25.4, 
Update, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Manual, Malware Database, 2016.2.16.6, 2016.6.25.5, 
Protection, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Protection, Refresh, Starting, 
Protection, 6/25/2016 4:59 PM, SYSTEM, JK-PC, Protection, Refresh, Success, 
Scan, 6/25/2016 5:03 PM, SYSTEM, JK-PC, Manual, Start:6/25/2016 4:59 PM, Duration:3 min 27 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)


#8 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 26 June 2016 - 08:50 AM

I would like a third and fourth opinion, so a couple of more scans:

Download RogueKiller from HERE and save it to your desktop:

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKillerX64.exe to run the tool.
  • Click Start Scan.
  • On the next Window click Start Scan at the bottom
  • Once the scan is finished", click the "Open Report" button. <--Don't fix anything!
  • On the next Window click the Open TXT button.
  • Copy and paste the report that opens into your next reply.

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

So for your next reply please post those two new logs. Let me know the next time you see one of those Chinese files. Also let me know how your computer is running. 


To err is Human. To blame it on someone else is even more Human.

#9 Jayroddd

Jayroddd
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 27 June 2016 - 10:09 PM

Seems to be running well, no chinese files since 1-2 weeks before I created the topic.
 
RogueKiller V12.3.6.0 (x64) [Jun 27 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : jk [Administrator]
Started from : D:\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 06/27/2016 22:39:34
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SDSSDHII120G +++++
--- User ---
[MBR] 4594e64ea4987061abb1a956c38c559d
[BSP] c464ac80ce4e14b8247c47b97bf5a209 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 113921 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 3e9109d953de26e29f6d9eba26a4010d
[BSP] 254dcb4f699e7461cbfef6dedcd3f80c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-06-27 22:41:01
-----------------------------
22:41:01.512    OS Version: Windows x64 6.2.9200 
22:41:01.512    Number of processors: 4 586 0x5E03
22:41:01.512    ComputerName: JK-PC  UserName: jk
22:41:01.722    Initialize success
22:41:01.757    VM: initialized successfully
22:41:01.757    VM: Intel CPU supported 
22:41:11.807    VM: disk I/O storahci.sys
22:41:52.858    AVAST engine defs: 16062701
22:41:58.856    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
22:41:58.856    Disk 0 Vendor:   Size: 0MB BusType: 0
22:41:58.856    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000034
22:41:58.861    Disk 1 Vendor:   Size: 0MB BusType: 0
22:41:58.866    Disk 0 MBR read successfully
22:41:58.866    Disk 0 MBR scan
22:41:58.886    Disk 0 Windows 7 default MBR code
22:41:58.886    Disk 0 MBR hidden
22:41:58.891    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
22:41:58.906    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       113921 MB offset 206848
22:41:59.261    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS          450 MB offset 233517056
22:41:59.296    Disk 0 scanning C:\WINDOWS\system32\drivers
22:42:00.143    Service scanning
22:42:06.969    Modules scanning
22:42:06.974    Disk 0 trace - called modules:
22:42:06.979    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
22:42:06.984    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0018595e060]
22:42:06.984    3 CLASSPNP.SYS[fffff801e1597d95] -> nt!IofCallDriver -> [0xffffe0018585ee40]
22:42:06.989    5 ACPI.sys[fffff801e19a1361] -> nt!IofCallDriver -> [0xffffe00185960cf0]
22:42:06.994    7 ACPI.sys[fffff801e19a1361] -> nt!IofCallDriver -> \Device\00000033[0xffffe00185920060]
22:42:07.191    AVAST engine scan C:\WINDOWS
22:42:07.401    AVAST engine scan C:\WINDOWS\system32
22:42:52.166    AVAST engine scan C:\WINDOWS\system32\drivers
22:42:54.132    AVAST engine scan C:\Users\jk
22:44:49.550    AVAST engine scan C:\ProgramData
22:44:58.443    Disk 0 statistics 1768364/0/0 @ 1906.09 MB/s
22:44:58.545    Scan finished successfully
23:08:45.149    Disk 0 MBR has been saved successfully to "C:\Users\jk\Desktop\MBR.dat"
23:08:45.175    The log file has been saved successfully to "C:\Users\jk\Desktop\aswMBR.txt"
 
 


#10 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 28 June 2016 - 10:39 PM

The only minor problem we're having is this extension called Honey. All the tools ran mark it as Adware, on the other hand perhaps you want it. If you do, tell me and I'll drop the matter. If you don't follows these steps:
  • Access Google Dashboard from HERE
  • If you are not signed in you will be prompted to do so.
  • On the Dashboard page scroll to the bottom and click Reset sync.
  • Sign out of your Google account.
  • If you have multiple accounts do the same for each one.
Please rerun Adwcleaner again.
  • Double click on AdwCleaner.exe to run the tool.
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Any question please ask.
To err is Human. To blame it on someone else is even more Human.

#11 Jayroddd

Jayroddd
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 July 2016 - 07:20 AM

No problem getting rid of Honey, it's a coupon extension and I don't think it ever came in handy.

 

# AdwCleaner v5.200 - Logfile created 01/07/2016 at 08:17:41
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : jk - JK-PC
# Running from : C:\Users\jk\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2730 bytes] - [25/06/2016 16:55:15]
C:\AdwCleaner\AdwCleaner[C2].txt - [1172 bytes] - [01/07/2016 08:17:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [2434 bytes] - [23/06/2016 23:06:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [2715 bytes] - [23/06/2016 23:16:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [2580 bytes] - [25/06/2016 16:54:30]
C:\AdwCleaner\AdwCleaner[S4].txt - [1436 bytes] - [01/07/2016 08:17:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1537 bytes] ##########


#12 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 02 July 2016 - 09:32 AM

Honey is gone, that's good. I don't know if it was the source of those files, truth be told. I really can't say what's causing them. My advice is to keep an eye out for them, if they rear their heads go to your download tab from the three horizontal lines menu at the top right hand corner of your browser. We might catch the webpage they're coming from.


To err is Human. To blame it on someone else is even more Human.

#13 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,656 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:31 PM

Posted 06 July 2016 - 05:45 PM

Do you still need help with this?
To err is Human. To blame it on someone else is even more Human.

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:31 PM

Posted 08 July 2016 - 10:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users