On Windows 10 startup, Chrome opens to website


  • This topic is locked
13 replies to this topic

#1 jkxs

Posted 04 July 2016 - 11:57 PM

Hello! This is the same issue as seen here, and I believe it is due to the use of KMSpico to activate Windows 10 Pro. Basically, what happens when I start up my laptop is that Chrome (default browser) starts up and opens a page (http://bestprosoft.com/category/download-latest-best-professional-software-2016/) which looks like this (screenshot of Google security warning page). I have run a full scan via Kaspersky Total Security several times and have found no malware. I think it's worth mentioning that I uninstalled KMSpico
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by jkxs (administrator) on DESKTOP-LE21JQ9 (05-07-2016 00:53:42)
Running from C:\Users\jkxs\Downloads
Loaded Profiles: jkxs (Available Profiles: jkxs)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Node.js) C:\Windows\Prey\versions\1.6.1\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.1\node_modules\triggers\bin\lightevt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Spotify Ltd) C:\Users\jkxs\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\jkxs\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\wmi64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3358952 2015-09-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation)
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [Spotify Web Helper] => C:\Users\jkxs\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-07-04] (Spotify Ltd)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [f.lux] => C:\Users\jkxs\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-05-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\MountPoints2: {218de9b4-d382-11e5-ae5f-0090f5cf07c7} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\MountPoints2: {47e7536a-b0db-11e5-ae54-0090f5cf07c7} - "F:\DriverPack.exe" 
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\MountPoints2: {c004284b-e30a-11e5-ae62-0090f5cf07c7} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-05-25] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2016-01-05]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
InternetURL: C:\Users\jkxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{952da38b-8277-4418-b158-3613e860a4c3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4ec18f6-56c0-424a-bcb7-f773954764b2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2077950710-3557759484-1799977053-1001 -> {673F0FB7-E635-4E5E-B3F7-349D9458FB02} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-01-03] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-05-23]
 
Chrome: 
=======
CHR StartupUrls: Default -> "about:blank"
CHR Profile: C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-14]
CHR Extension: (YouTube) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-01]
CHR Extension: (Ebates Cash Back) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-06-13]
CHR Extension: (Pushbullet) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-05-12]
CHR Extension: (uBlock Origin) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-25]
CHR Extension: (Google Search) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (Google Play Music) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-06-29]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2016-07-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-05-18]
CHR Extension: (PriceZombie Price Tracker & Price Comparison) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppjmcjmigdbfnpilblnogepgpolhcho [2016-01-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-16]
CHR Extension: (Coupons at Checkout) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-03-26]
CHR Extension: (GiveBuy) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kibgbkhdjbljddfjlaaefalkepmbobob [2016-01-01]
CHR Extension: (The Great Suspender) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-07-04]
CHR Extension: (Auto HD For YouTube™) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-05-26]
CHR Extension: (BehindTheOverlay) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2016-01-01]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-19]
CHR Extension: (Fakespot - Analyze Fake Amazon Reviews) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2016-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Better History) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-07-04]
CHR Extension: (Print Friendly & PDF) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2016-01-01]
CHR Extension: (Visualping) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-05-04]
CHR Extension: (Gmail) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-05-05] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-01-01] (Fork, Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [155872 2015-09-17] (ELAN Microelectronics Corp.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [795664 2016-05-25] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-10-14] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-08] (VIA Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [53024 2015-07-10] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2016-01-01] (Disc Soft Ltd)
R3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
S3 jnprva; C:\Windows\System32\drivers\jnprva.sys [30072 2015-05-24] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2015-05-24] (Juniper Networks, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-05-05] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-05-05] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-05-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-05-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-05-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-05-05] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-05-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-01] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 vl810filter; C:\Windows\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [42192 2015-12-08] (Creative Technology Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-05 00:42 - 2016-07-05 00:42 - 00000331 _____ C:\Users\jkxs\Desktop\bleepingcomputer.txt
2016-07-05 00:37 - 2016-07-05 00:53 - 00021762 _____ C:\Users\jkxs\Downloads\FRST.txt
2016-07-04 12:34 - 2016-07-04 12:35 - 00002072 _____ C:\Users\jkxs\Downloads\Fixlog.txt
2016-07-04 12:30 - 2016-07-05 00:53 - 00000000 ____D C:\FRST
2016-07-04 12:30 - 2016-07-04 12:30 - 02390016 _____ (Farbar) C:\Users\jkxs\Downloads\FRST64.exe
2016-07-04 12:27 - 2016-07-04 12:27 - 00001826 _____ C:\Users\jkxs\Desktop\JRT.txt
2016-07-04 12:24 - 2016-07-04 12:24 - 01610816 _____ (Malwarebytes) C:\Users\jkxs\Downloads\JRT.exe
2016-07-04 12:23 - 2016-07-04 12:24 - 00000000 ____D C:\AdwCleaner
2016-07-04 12:22 - 2016-07-04 12:22 - 03712064 _____ C:\Users\jkxs\Downloads\AdwCleaner.exe
2016-07-02 02:30 - 2016-07-02 02:30 - 01384279 _____ C:\Users\jkxs\Downloads\Craigslist.pptx
2016-07-01 01:46 - 2016-07-01 14:13 - 00000000 ____D C:\Program Files\KMSpico
2016-07-01 01:46 - 2016-07-01 01:46 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-07-01 01:46 - 2016-07-01 01:46 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-07-01 01:45 - 2016-07-01 01:45 - 00004477 _____ C:\Users\jkxs\Downloads\[kat.cr]kmspico.10.1.6.final.windows.10.activator.100.working.torrent
2016-07-01 01:45 - 2016-07-01 01:45 - 00000000 ____D C:\Users\jkxs\Downloads\KMSpico Install
2016-07-01 01:31 - 2016-07-01 01:40 - 00000109 _____ C:\Users\jkxs\Desktop\Download Latest Windows 10 Pro Permanent Activator 2016.url
2016-07-01 01:28 - 2016-07-01 01:28 - 00014594 _____ C:\Users\jkxs\Downloads\[kat.cr]activator.for.windows.10.8.1.8.7.and.office.2007.2010.2013.2016.pc.install.portable.install (1).torrent
2016-07-01 01:27 - 2016-07-01 01:27 - 16471946 _____ (The qBittorrent project) C:\Users\jkxs\Downloads\qbittorrent_3.3.5_setup.exe
2016-07-01 01:27 - 2016-07-01 01:27 - 00014594 _____ C:\Users\jkxs\Downloads\[kat.cr]activator.for.windows.10.8.1.8.7.and.office.2007.2010.2013.2016.pc.install.portable.install.torrent
2016-07-01 01:27 - 2016-07-01 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-06-26 23:07 - 2016-06-26 23:07 - 06497892 _____ C:\Users\jkxs\Downloads\Every official Game of Thrones posters so far... - Imgur.zip
2016-06-26 23:07 - 2016-06-26 23:07 - 00000000 ____D C:\Users\jkxs\Desktop\Game of Thrones Wallpapers
2016-06-20 08:41 - 2016-06-20 08:41 - 00087858 _____ C:\Users\jkxs\Downloads\201606151428 (1).pdf
2016-06-20 08:36 - 2016-06-20 08:36 - 00000000 ____D C:\Users\jkxs\Downloads\Subaru
2016-06-19 12:23 - 2016-06-19 12:23 - 00023741 _____ C:\Users\jkxs\Downloads\PHR.html
2016-06-19 12:10 - 2016-06-19 12:10 - 82974289 _____ C:\Users\jkxs\Downloads\Bottle Pro.mp4
2016-06-19 02:58 - 2016-06-19 02:58 - 00000135 _____ C:\Users\jkxs\Desktop\Dog tag.txt
2016-06-18 01:48 - 2016-06-18 01:48 - 00087858 _____ C:\Users\jkxs\Downloads\201606151428.pdf
2016-06-16 14:12 - 2016-06-16 14:13 - 00150719 _____ C:\Users\jkxs\Downloads\072444-071775-066335-H631SFJ100ImprezaTweeters.pdf
2016-06-16 14:00 - 2016-06-16 14:15 - 02696488 _____ C:\Users\jkxs\Downloads\070977-h631ssg000.pdf
2016-06-14 23:35 - 2016-06-14 23:35 - 00483344 _____ C:\Users\jkxs\Downloads\Fairfax_20160614_200921.pdf
2016-06-14 21:59 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 21:59 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2016-06-14 21:59 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 21:59 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 21:59 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-14 21:59 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2016-06-14 21:59 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-06-14 21:59 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-06-14 21:59 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-06-14 21:59 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 21:59 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 21:59 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-14 21:59 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-14 21:59 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-06-14 21:59 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-06-14 21:59 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-14 21:59 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-06-14 21:59 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-06-14 21:59 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-06-14 21:59 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-14 21:59 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 21:59 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-14 21:59 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-06-14 21:59 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-06-14 21:59 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-06-14 21:59 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 21:59 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 21:59 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 21:59 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 21:59 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 21:59 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-14 21:59 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-14 21:59 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 21:59 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-14 21:59 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-14 21:59 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-06-14 21:59 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-14 21:59 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 21:59 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-06-14 21:59 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-06-14 21:59 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys
2016-06-14 21:59 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-06-14 21:59 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-14 21:59 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-06-14 21:59 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-06-14 21:59 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 21:59 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 21:59 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-06-14 21:59 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-06-14 21:59 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-06-14 21:59 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-06-14 21:59 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-06-14 21:59 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-06-14 21:59 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-06-14 21:59 - 2016-05-28 00:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-14 21:59 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys
2016-06-14 21:59 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 21:59 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-06-14 21:59 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 21:59 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-06-14 21:59 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-06-14 21:59 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 21:59 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 21:59 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 21:59 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00579072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 21:59 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-14 21:59 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-06-14 21:59 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-06-14 21:59 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 21:59 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-06-14 21:59 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-14 21:59 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 21:59 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-06-14 21:59 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 21:59 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-06-14 21:59 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-06-14 21:59 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 21:59 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-06-14 21:59 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-06-14 21:59 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-14 21:59 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-06-14 21:59 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-06-14 21:59 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-06-14 21:59 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-06-14 21:59 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-14 21:59 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-06-14 21:59 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-06-13 23:28 - 2016-06-13 23:53 - 139714873 _____ C:\Users\jkxs\Downloads\720P_1500K_76890131.mp4
2016-06-11 17:58 - 2016-06-11 17:58 - 00000040 _____ C:\Users\jkxs\Desktop\Test
2016-06-11 17:55 - 2016-06-11 17:55 - 00004546 _____ C:\Users\jkxs\AppData\Roaming\CamStudio.cfg
2016-06-11 17:55 - 2016-06-11 17:55 - 00000408 _____ C:\Users\jkxs\AppData\Roaming\CamShapes.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 00000408 _____ C:\Users\jkxs\AppData\Roaming\CamLayout.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 00000052 _____ C:\Users\jkxs\AppData\Roaming\Camdata.ini
2016-06-11 17:49 - 2016-06-11 17:52 - 00000000 ____D C:\Users\jkxs\Documents\My CamStudio Temp Files
2016-06-11 17:49 - 2016-06-11 17:49 - 00000000 ____D C:\Users\jkxs\Documents\My CamStudio Videos
2016-06-11 17:48 - 2016-06-11 17:48 - 00000096 _____ C:\Users\jkxs\AppData\Roaming\version2.xml
2016-06-11 17:47 - 2016-06-11 17:47 - 01019280 _____ (CamStudio) C:\Users\jkxs\Downloads\camstudio.exe
2016-06-10 23:16 - 2016-06-10 23:30 - 00000000 ____D C:\Users\jkxs\Downloads\Zootopia 2016 1080p BluRay x264 DTS-JYK
2016-06-10 23:16 - 2016-06-10 23:16 - 00015022 _____ C:\Users\jkxs\Downloads\[kat.cr]zootopia.2016.1080p.bluray.x264.dts.jyk.torrent
2016-06-06 20:21 - 2016-06-06 20:24 - 10270830 _____ C:\Users\jkxs\Downloads\Torque Pro (OBD 2 & Car) v1.8.92 Patched - android-zone.ws.apk
2016-06-05 22:11 - 2016-06-05 22:11 - 00830164 _____ C:\Users\jkxs\Downloads\footwell lighting instructions.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-05 00:52 - 2016-05-05 22:19 - 00002444 _____ C:\Users\jkxs\Desktop\Safe Money.lnk
2016-07-05 00:52 - 2016-05-05 22:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-05 00:46 - 2016-01-01 18:57 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-05 00:46 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-07-05 00:42 - 2016-01-01 19:36 - 00000000 __SHD C:\Users\jkxs\IntelGraphicsProfiles
2016-07-05 00:42 - 2016-01-01 19:20 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-05 00:42 - 2016-01-01 18:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-05 00:42 - 2015-10-30 02:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-05 00:35 - 2016-01-01 19:20 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-04 19:46 - 2016-02-06 15:11 - 00000000 ____D C:\Users\jkxs\AppData\Local\Spotify
2016-07-04 19:19 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-07-04 14:11 - 2016-02-06 15:10 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\Spotify
2016-07-03 22:01 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-03 15:32 - 2016-05-22 22:44 - 00000000 ____D C:\Users\jkxs\Desktop\Subaru
2016-07-01 23:28 - 2016-01-01 21:17 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\vlc
2016-07-01 14:13 - 2016-05-30 13:03 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\Octoshape
2016-07-01 01:46 - 2016-01-01 20:48 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\qBittorrent
2016-07-01 01:34 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-07-01 01:27 - 2016-01-01 20:23 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-06-30 21:47 - 2016-04-04 18:28 - 00000099 _____ C:\Users\jkxs\Desktop\865 Rent.txt
2016-06-26 01:25 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-06-23 20:02 - 2016-01-01 20:40 - 00000000 ____D C:\Windows\Prey
2016-06-23 19:21 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 19:20 - 2016-01-01 19:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-23 19:15 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-18 00:39 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-06-18 00:37 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 02:10 - 2016-01-01 19:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-17 02:10 - 2016-01-01 18:52 - 00333072 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 01:34 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-17 01:34 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-06-17 01:34 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-06-16 14:36 - 2016-01-01 19:20 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 14:36 - 2016-01-01 19:20 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-10 02:17 - 2016-06-04 00:33 - 00001207 _____ C:\Users\jkxs\Desktop\GCX Flair.txt
2016-06-07 21:44 - 2016-01-02 04:47 - 00003540 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-06-07 21:44 - 2016-01-02 04:47 - 00003404 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-06-07 21:44 - 2016-01-02 04:47 - 00000000 ____D C:\Program Files (x86)\Gyazo
 
==================== Files in the root of some directories =======
 
2016-06-11 17:55 - 2016-06-11 17:55 - 0000052 _____ () C:\Users\jkxs\AppData\Roaming\Camdata.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 0000408 _____ () C:\Users\jkxs\AppData\Roaming\CamLayout.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 0000408 _____ () C:\Users\jkxs\AppData\Roaming\CamShapes.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 0004546 _____ () C:\Users\jkxs\AppData\Roaming\CamStudio.cfg
2016-06-11 17:48 - 2016-06-11 17:48 - 0000096 _____ () C:\Users\jkxs\AppData\Roaming\version2.xml
 
Some files in TEMP:
====================
C:\Users\jkxs\AppData\Local\Temp\GarminExpressInstaller.exe
C:\Users\jkxs\AppData\Local\Temp\libeay32.dll
C:\Users\jkxs\AppData\Local\Temp\msvcr120.dll
C:\Users\jkxs\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-25 15:06
 
==================== End of FRST.txt ============================

 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by jkxs (2016-07-05 00:54:07)
Running from C:\Users\jkxs\Downloads
Windows 10 Pro Version 1511 (X64) (2016-01-01 22:59:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2077950710-3557759484-1799977053-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2077950710-3557759484-1799977053-503 - Limited - Disabled)
Guest (S-1-5-21-2077950710-3557759484-1799977053-501 - Limited - Disabled)
jkxs (S-1-5-21-2077950710-3557759484-1799977053-1001 - Administrator - Enabled) => C:\Users\jkxs
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 2.0.2 - DriverPack Solution)
ELAN Touchpad 15.10.5.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.10.5.2 - ELAN Microelectronic Corp.)
Elevated Installer (x32 Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Flux) (Version:  - )
Garmin City Navigator North America NT 2017.20 (HKLM-x32\...\{F57B8B5B-001E-4ABC-A27B-47CB6B805C52}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{54b8854c-ad14-42fe-9dfb-bffd1a23fcf6}) (Version: 4.1.22.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hotkey 6.0044 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0044 - NoteBook)
Hotkey 6.0044 (x32 Version: 6.0044 - NoteBook) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4303 - Intel Corporation)
Juniper Networks Setup Client (HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA Update 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.8.1.21 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Prey Anti-Theft (x32 Version: 1.5.0 - Prey, Inc.) Hidden
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
qBittorrent 3.3.5 (HKLM-x32\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2077950710-3557759484-1799977053-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jkxs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2077950710-3557759484-1799977053-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {081FFAF0-E163-4DD5-AA7B-477E15638A21} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {204E0543-8B97-4961-B239-86151AE3CA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-01] (Google Inc.)
Task: {3201CA50-82FD-40B6-8F00-42056ECE772E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {63349BD5-FFEC-48CE-A218-F2E6DB43B011} - System32\Tasks\{FE894CA1-C40A-46B0-A1E6-ACD6AF7BB40F} => pcalua.exe -a "C:\Program Files (x86)\MapleRoyals\MapleRoyals.exe" -d "C:\Program Files (x86)\MapleRoyals"
Task: {6E7001FF-10B4-496E-B230-C9559AD44809} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {858E5E62-98C8-4B79-9302-E2A6579C11FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {98F4A084-E0B2-485C-9DCE-4CA388287D58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-01] (Google Inc.)
Task: {9F240062-0448-4FAC-929B-D83EFE328F78} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {A9C9DB03-0DE2-4E01-9DD0-1080ED2B9D22} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-05-25] ()
Task: {B4AED2D4-4B3C-49FB-B130-B50923A7A9AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {F1B0115F-1B93-4C94-8A74-104276A13C1B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-01-01 19:04 - 2015-12-16 10:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-18 19:57 - 2011-02-18 19:57 - 00035328 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2016-04-12 19:05 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 19:05 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-14 16:09 - 2016-06-10 05:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-01 23:24 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 17:28 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-14 21:59 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-14 21:59 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-14 21:59 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-14 21:59 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-04-03 02:24 - 2012-04-03 02:24 - 04730368 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2009-06-06 18:50 - 2009-06-06 18:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2016-06-16 14:36 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-16 14:36 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-16 14:36 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 09:56 - 2015-04-13 09:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00089024 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 09:57 - 2015-04-13 09:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00681408 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00026560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2015-04-13 09:58 - 2015-04-13 09:58 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 10:00 - 2015-04-13 10:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-13 09:59 - 2015-04-13 09:59 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2016-05-01 00:49 - 00003522 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 statsfe2.update.microsoft.com.akadns.net 
0.0.0.0 fe2.update.microsoft.com.akadns.net 
0.0.0.0 s0.2mdn.net 
0.0.0.0 survey.watson.microsoft.com 
0.0.0.0 view.atdmt.com 
0.0.0.0 watson.microsoft.com 
0.0.0.0 watson.ppe.telemetry.microsoft.com 
0.0.0.0 vortex.data.microsoft.com 
0.0.0.0 vortex-win.data.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 
0.0.0.0 oca.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 watson.telemetry.microsoft.com 
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 
0.0.0.0 redir.metaservices.microsoft.com 
0.0.0.0 choice.microsoft.com 
0.0.0.0 choice.microsoft.com.nsatc.net 
0.0.0.0 wes.df.telemetry.microsoft.com 
0.0.0.0 services.wes.df.telemetry.microsoft.com 
0.0.0.0 sqm.df.telemetry.microsoft.com 
0.0.0.0 telemetry.microsoft.com 
0.0.0.0 telemetry.appex.bing.net 
0.0.0.0 telemetry.urs.microsoft.com 
0.0.0.0 settings-sandbox.data.microsoft.com 
0.0.0.0 watson.live.com 
0.0.0.0 statsfe2.ws.microsoft.com 
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 
0.0.0.0 compatexchange.cloudapp.net 
 
There are 41 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jkxs\Downloads\04019_newperspectiveonoldclocktower_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{59435809-2984-4FEB-A82C-36425E41C8C6}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{66D57788-EA82-4E6F-B978-02F29F2D4491}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2207DA9B-FE79-47FE-B65E-6FF4512F0894}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{030168DE-C172-4693-9258-19109279B253}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{03F06708-7AB8-49BE-B820-5617B63FAC4A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8C2B23C3-C40D-4CB0-A4C9-BCC649DE73E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1CA4A41E-AE61-4F0C-BEAE-F466C357B98B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF25F6AD-84B5-4890-8DF9-12E4A5580D50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AEACB327-704E-4830-AA90-C8645D5E4720}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{42EDD142-64D1-434C-9F14-ED3286605035}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98DDA295-B8F2-4CA9-9D05-3FB84A55DE87}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{39B4E2CE-777A-4E2C-831D-0843250D6BB8}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{DA38B2BA-709F-4440-A8DA-A4BE01346BFF}C:\users\jkxs\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jkxs\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{301B005A-96A3-4DE5-9E44-C193EDEE1ED8}C:\users\jkxs\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jkxs\appdata\roaming\spotify\spotify.exe
FirewallRules: [{62721312-0F6D-4F96-8C2D-88A76C167088}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{97443C2A-F40D-411E-9C50-F1989364AA22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60DF6DB1-4B59-42C5-8D67-91B0A7910237}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F89D2B0C-934B-409C-B369-9C1D919AB160}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8CC2B06C-906D-4D07-8448-EC59185C4E7B}C:\users\jkxs\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jkxs\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A3ED20C4-5AB5-4685-9666-361580B5B7C8}C:\users\jkxs\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jkxs\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DCE21CEF-C536-46B2-9FE4-8E9D0773C73D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{81836B9D-F92F-4911-B538-CB61E8881679}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7F2D5EE1-20A6-4D84-ACD2-AFB67975E2C5}] => (Allow) C:\Windows\Prey\versions\1.6.1\bin\node.exe
FirewallRules: [{CDCE6C2D-4837-4B65-BBB5-2D069957EC3D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D5EA90E4-E2A7-463C-9FBD-C27B9A9F24F5}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{B799DED3-03B9-43A7-B000-4217BE8D8FA0}C:\users\jkxs\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\jkxs\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{0668651D-538F-4712-95BD-F84931F61D4A}C:\users\jkxs\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\jkxs\appdata\local\directv player\ndspcshowserver.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2016 01:38:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/01/2016 01:36:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/01/2016 01:36:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/01/2016 01:36:35 AM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1868) SRUJet: Database recovery/restore failed with unexpected error -1216.
 
Error: (07/01/2016 01:36:35 AM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (1868) SRUJet: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\SRU\SRUDB.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (07/01/2016 01:34:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-LE21JQ9)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/01/2016 01:33:59 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-LE21JQ9)
Description: C:\Users\jkxs\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalStateMicrosoft.Windows.Cortana_cw5n1h2txyewy-2147024769
 
Error: (07/01/2016 01:21:29 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (07/01/2016 01:21:27 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/30/2016 09:36:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
 
System errors:
=============
Error: (07/05/2016 12:52:37 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LE21JQ9)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-LE21JQ9jkxsS-1-5-21-2077950710-3557759484-1799977053-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (07/05/2016 12:52:37 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LE21JQ9)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-LE21JQ9jkxsS-1-5-21-2077950710-3557759484-1799977053-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (07/05/2016 12:52:36 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LE21JQ9)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-LE21JQ9jkxsS-1-5-21-2077950710-3557759484-1799977053-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (07/05/2016 12:52:36 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LE21JQ9)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-LE21JQ9jkxsS-1-5-21-2077950710-3557759484-1799977053-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (07/05/2016 12:42:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4ffb63 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/05/2016 12:42:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4ffb63 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/05/2016 12:42:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4ffb63 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/05/2016 12:42:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4ffb63 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/05/2016 12:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/04/2016 07:46:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2cbd6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-23 19:20:44.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-23 19:20:43.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-18 00:53:37.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-17 02:10:17.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-17 00:22:35.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-10 23:41:12.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-27 12:48:27.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-17 20:52:44.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-16 05:41:18.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 22:15:16.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8085.13 MB
Available physical RAM: 5158.91 MB
Total Virtual: 9365.13 MB
Available Virtual: 6267.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:59.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E2B9C6B6)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 
AdwCleaner[C2].txt

# AdwCleaner v5.201 - Logfile created 05/07/2016 at 00:59:48
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : jkxs - DESKTOP-LE21JQ9
# Running from : C:\Users\jkxs\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fmebanjjkaohcmifehogijfgcoieefnp
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1856 bytes] - [04/07/2016 12:24:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [1055 bytes] - [05/07/2016 00:59:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [1738 bytes] - [04/07/2016 12:23:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [1179 bytes] - [05/07/2016 00:57:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1274 bytes] ##########

 
AdwCleaner[S2].txt

# AdwCleaner v5.201 - Logfile created 05/07/2016 at 00:57:11
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : jkxs - DESKTOP-LE21JQ9
# Running from : C:\Users\jkxs\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fmebanjjkaohcmifehogijfgcoieefnp
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1856 bytes] - [04/07/2016 12:24:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1738 bytes] - [04/07/2016 12:23:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [1027 bytes] - [05/07/2016 00:57:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1100 bytes] ##########
 

JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64 
Ran by jkxs (Administrator) on Tue 07/05/2016 at  1:02:38.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder) 
Successfully deleted: C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/05/2016 at  1:04:03.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
I am at this step now, but am not sure what code I should copy and paste into fixlist.txt for FRST. Thank you!


Edited by jkxs, 05 July 2016 - 12:24 AM.



 


#2 jkxs


Posted 05 July 2016 - 12:26 AM

Uploaded .txt files
 
Also screenshot of Kaspersky full scan here.



Edited by jkxs, 05 July 2016 - 12:30 AM.


#3 jkxs


Posted 06 July 2016 - 03:14 PM

Bump



#4 jkxs


Posted 08 July 2016 - 03:55 PM

Bump



#5 jkxs


Posted 09 July 2016 - 03:07 PM

Bump



#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 10 July 2016 - 12:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/619006 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 jkxs


Posted 10 July 2016 - 12:25 AM

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
Ran by jkxs (administrator) on DESKTOP-LE21JQ9 (10-07-2016 01:24:03)
Running from C:\Users\jkxs\Downloads
Loaded Profiles: jkxs (Available Profiles: jkxs)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Node.js) C:\Windows\Prey\versions\1.6.1\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.1\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\jkxs\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\jkxs\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3358952 2015-09-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation)
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [Spotify Web Helper] => C:\Users\jkxs\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-07-04] (Spotify Ltd)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [f.lux] => C:\Users\jkxs\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-05-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\MountPoints2: {218de9b4-d382-11e5-ae5f-0090f5cf07c7} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\MountPoints2: {47e7536a-b0db-11e5-ae54-0090f5cf07c7} - "F:\DriverPack.exe" 
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\...\MountPoints2: {c004284b-e30a-11e5-ae62-0090f5cf07c7} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-05-25] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2016-01-05]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
InternetURL: C:\Users\jkxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{952da38b-8277-4418-b158-3613e860a4c3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4ec18f6-56c0-424a-bcb7-f773954764b2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2077950710-3557759484-1799977053-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2077950710-3557759484-1799977053-1001 -> {673F0FB7-E635-4E5E-B3F7-349D9458FB02} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-05-05] (AO Kaspersky Lab)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-01-03] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-05-23]

Chrome: 
=======
CHR StartupUrls: Default -> "about:blank"
CHR Profile: C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-14]
CHR Extension: (YouTube) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-01]
CHR Extension: () - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-07-10]
CHR Extension: (Ebates Cash Back) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-07-07]
CHR Extension: (Pushbullet) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-05-12]
CHR Extension: (uBlock Origin) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-25]
CHR Extension: (Google Search) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (Google Play Music) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-07-07]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2016-07-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-05-18]
CHR Extension: (PriceZombie Price Tracker & Price Comparison) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppjmcjmigdbfnpilblnogepgpolhcho [2016-01-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-16]
CHR Extension: (Coupons at Checkout) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-03-26]
CHR Extension: (GiveBuy) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kibgbkhdjbljddfjlaaefalkepmbobob [2016-01-01]
CHR Extension: (The Great Suspender) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-07-05]
CHR Extension: (Auto HD For YouTube™) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-05-26]
CHR Extension: (BehindTheOverlay) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2016-01-01]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-19]
CHR Extension: (Fakespot - Analyze Fake Amazon Reviews) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2016-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Better History) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-07-05]
CHR Extension: (Print Friendly & PDF) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2016-01-01]
CHR Extension: (Visualping) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-05-04]
CHR Extension: (Gmail) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\jkxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-05-05] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-01-01] (Fork, Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [155872 2015-09-17] (ELAN Microelectronics Corp.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [795664 2016-05-25] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-10-14] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-08] (VIA Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [53024 2015-07-10] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2016-01-01] (Disc Soft Ltd)
R3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
S3 jnprva; C:\Windows\System32\drivers\jnprva.sys [30072 2015-05-24] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2015-05-24] (Juniper Networks, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-05-05] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-05-05] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-05-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-05-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-05-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-05-05] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-05-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-01] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 vl810filter; C:\Windows\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [42192 2015-12-08] (Creative Technology Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 01:23 - 2016-07-10 01:23 - 00000000 ____D C:\Users\jkxs\Downloads\FRST-OlderVersion
2016-07-07 02:36 - 2016-07-08 17:58 - 00000421 _____ C:\Users\jkxs\Desktop\Tracking.txt
2016-07-05 08:55 - 2016-07-05 08:55 - 00000104 _____ C:\Users\jkxs\Desktop\Eyeglasses SHIPPING INFO.txt
2016-07-05 00:54 - 2016-07-05 00:54 - 00041301 _____ C:\Users\jkxs\Downloads\Addition.txt
2016-07-05 00:42 - 2016-07-05 00:42 - 00000331 _____ C:\Users\jkxs\Desktop\bleepingcomputer.txt
2016-07-05 00:37 - 2016-07-10 01:24 - 00021651 _____ C:\Users\jkxs\Downloads\FRST.txt
2016-07-04 12:34 - 2016-07-04 12:35 - 00002072 _____ C:\Users\jkxs\Downloads\Fixlog.txt
2016-07-04 12:30 - 2016-07-10 01:23 - 02390016 _____ (Farbar) C:\Users\jkxs\Downloads\FRST64.exe
2016-07-04 12:30 - 2016-07-10 01:23 - 00000000 ____D C:\FRST
2016-07-04 12:27 - 2016-07-05 01:04 - 00000827 _____ C:\Users\jkxs\Desktop\JRT.txt
2016-07-04 12:24 - 2016-07-04 12:24 - 01610816 _____ (Malwarebytes) C:\Users\jkxs\Downloads\JRT.exe
2016-07-04 12:23 - 2016-07-05 00:59 - 00000000 ____D C:\AdwCleaner
2016-07-04 12:22 - 2016-07-04 12:22 - 03712064 _____ C:\Users\jkxs\Downloads\AdwCleaner.exe
2016-07-02 02:30 - 2016-07-02 02:30 - 01384279 _____ C:\Users\jkxs\Downloads\Craigslist.pptx
2016-07-01 01:46 - 2016-07-01 14:13 - 00000000 ____D C:\Program Files\KMSpico
2016-07-01 01:46 - 2016-07-01 01:46 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-07-01 01:46 - 2016-07-01 01:46 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-07-01 01:45 - 2016-07-01 01:45 - 00004477 _____ C:\Users\jkxs\Downloads\[kat.cr]kmspico.10.1.6.final.windows.10.activator.100.working.torrent
2016-07-01 01:45 - 2016-07-01 01:45 - 00000000 ____D C:\Users\jkxs\Downloads\KMSpico Install
2016-07-01 01:31 - 2016-07-01 01:40 - 00000109 _____ C:\Users\jkxs\Desktop\Download Latest Windows 10 Pro Permanent Activator 2016.url
2016-07-01 01:28 - 2016-07-01 01:28 - 00014594 _____ C:\Users\jkxs\Downloads\[kat.cr]activator.for.windows.10.8.1.8.7.and.office.2007.2010.2013.2016.pc.install.portable.install (1).torrent
2016-07-01 01:27 - 2016-07-01 01:27 - 16471946 _____ (The qBittorrent project) C:\Users\jkxs\Downloads\qbittorrent_3.3.5_setup.exe
2016-07-01 01:27 - 2016-07-01 01:27 - 00014594 _____ C:\Users\jkxs\Downloads\[kat.cr]activator.for.windows.10.8.1.8.7.and.office.2007.2010.2013.2016.pc.install.portable.install.torrent
2016-07-01 01:27 - 2016-07-01 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-06-26 23:07 - 2016-06-26 23:07 - 06497892 _____ C:\Users\jkxs\Downloads\Every official Game of Thrones posters so far... - Imgur.zip
2016-06-26 23:07 - 2016-06-26 23:07 - 00000000 ____D C:\Users\jkxs\Desktop\Game of Thrones Wallpapers
2016-06-20 08:41 - 2016-06-20 08:41 - 00087858 _____ C:\Users\jkxs\Downloads\201606151428 (1).pdf
2016-06-20 08:36 - 2016-06-20 08:36 - 00000000 ____D C:\Users\jkxs\Downloads\Subaru
2016-06-19 12:23 - 2016-06-19 12:23 - 00023741 _____ C:\Users\jkxs\Downloads\PHR.html
2016-06-19 12:10 - 2016-06-19 12:10 - 82974289 _____ C:\Users\jkxs\Downloads\Bottle Pro.mp4
2016-06-19 02:58 - 2016-06-19 02:58 - 00000135 _____ C:\Users\jkxs\Desktop\Dog tag.txt
2016-06-18 01:48 - 2016-06-18 01:48 - 00087858 _____ C:\Users\jkxs\Downloads\201606151428.pdf
2016-06-16 14:12 - 2016-06-16 14:13 - 00150719 _____ C:\Users\jkxs\Downloads\072444-071775-066335-H631SFJ100ImprezaTweeters.pdf
2016-06-16 14:00 - 2016-06-16 14:15 - 02696488 _____ C:\Users\jkxs\Downloads\070977-h631ssg000.pdf
2016-06-14 23:35 - 2016-06-14 23:35 - 00483344 _____ C:\Users\jkxs\Downloads\Fairfax_20160614_200921.pdf
2016-06-14 21:59 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 21:59 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 21:59 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2016-06-14 21:59 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 21:59 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 21:59 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-14 21:59 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2016-06-14 21:59 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-06-14 21:59 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-06-14 21:59 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-06-14 21:59 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 21:59 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 21:59 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-14 21:59 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-14 21:59 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-06-14 21:59 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-06-14 21:59 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-14 21:59 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-06-14 21:59 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-14 21:59 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-06-14 21:59 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-06-14 21:59 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-14 21:59 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 21:59 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-14 21:59 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-06-14 21:59 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-06-14 21:59 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-06-14 21:59 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 21:59 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 21:59 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 21:59 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 21:59 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 21:59 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-14 21:59 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-14 21:59 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 21:59 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-14 21:59 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-14 21:59 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-06-14 21:59 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-14 21:59 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-06-14 21:59 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 21:59 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-06-14 21:59 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-06-14 21:59 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys
2016-06-14 21:59 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-06-14 21:59 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-14 21:59 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 21:59 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-06-14 21:59 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-06-14 21:59 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 21:59 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 21:59 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-06-14 21:59 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-06-14 21:59 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-06-14 21:59 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-06-14 21:59 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-06-14 21:59 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-06-14 21:59 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-06-14 21:59 - 2016-05-28 00:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-14 21:59 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys
2016-06-14 21:59 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-06-14 21:59 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 21:59 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-06-14 21:59 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 21:59 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-06-14 21:59 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-14 21:59 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-06-14 21:59 - 2016-05-28 00:21 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2016-06-14 21:59 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-06-14 21:59 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-06-14 21:59 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 21:59 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-06-14 21:59 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-06-14 21:59 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 21:59 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 21:59 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 21:59 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00579072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2016-06-14 21:59 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 21:59 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-06-14 21:59 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-14 21:59 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-06-14 21:59 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-06-14 21:59 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-06-14 21:59 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 21:59 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 21:59 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-06-14 21:59 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-14 21:59 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 21:59 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-06-14 21:59 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 21:59 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-06-14 21:59 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-06-14 21:59 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-06-14 21:59 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 21:59 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-06-14 21:59 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2016-06-14 21:59 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-06-14 21:59 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-14 21:59 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-06-14 21:59 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-06-14 21:59 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 21:59 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-06-14 21:59 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-06-14 21:59 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-06-14 21:59 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-06-14 21:59 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-14 21:59 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-06-14 21:59 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-06-13 23:28 - 2016-06-13 23:53 - 139714873 _____ C:\Users\jkxs\Downloads\720P_1500K_76890131.mp4
2016-06-11 17:55 - 2016-06-11 17:55 - 00004546 _____ C:\Users\jkxs\AppData\Roaming\CamStudio.cfg
2016-06-11 17:55 - 2016-06-11 17:55 - 00000408 _____ C:\Users\jkxs\AppData\Roaming\CamShapes.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 00000408 _____ C:\Users\jkxs\AppData\Roaming\CamLayout.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 00000052 _____ C:\Users\jkxs\AppData\Roaming\Camdata.ini
2016-06-11 17:49 - 2016-06-11 17:52 - 00000000 ____D C:\Users\jkxs\Documents\My CamStudio Temp Files
2016-06-11 17:49 - 2016-06-11 17:49 - 00000000 ____D C:\Users\jkxs\Documents\My CamStudio Videos
2016-06-11 17:48 - 2016-06-11 17:48 - 00000096 _____ C:\Users\jkxs\AppData\Roaming\version2.xml
2016-06-11 17:47 - 2016-06-11 17:47 - 01019280 _____ (CamStudio) C:\Users\jkxs\Downloads\camstudio.exe
2016-06-10 23:16 - 2016-06-10 23:30 - 00000000 ____D C:\Users\jkxs\Downloads\Zootopia 2016 1080p BluRay x264 DTS-JYK
2016-06-10 23:16 - 2016-06-10 23:16 - 00015022 _____ C:\Users\jkxs\Downloads\[kat.cr]zootopia.2016.1080p.bluray.x264.dts.jyk.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 01:12 - 2016-01-01 18:57 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-10 01:12 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-07-10 00:35 - 2016-01-01 19:20 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-09 23:33 - 2016-05-05 22:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-09 16:11 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-09 16:11 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-07-09 16:06 - 2016-01-01 19:36 - 00000000 __SHD C:\Users\jkxs\IntelGraphicsProfiles
2016-07-09 16:06 - 2016-01-01 19:20 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-07 21:43 - 2016-02-06 15:10 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\Spotify
2016-07-07 21:08 - 2016-02-06 15:11 - 00000000 ____D C:\Users\jkxs\AppData\Local\Spotify
2016-07-07 02:19 - 2016-01-01 18:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-05 01:00 - 2015-10-30 02:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-05 00:52 - 2016-05-05 22:19 - 00002444 _____ C:\Users\jkxs\Desktop\Safe Money.lnk
2016-07-03 15:32 - 2016-05-22 22:44 - 00000000 ____D C:\Users\jkxs\Desktop\Subaru
2016-07-01 23:28 - 2016-01-01 21:17 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\vlc
2016-07-01 14:13 - 2016-05-30 13:03 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\Octoshape
2016-07-01 01:46 - 2016-01-01 20:48 - 00000000 ____D C:\Users\jkxs\AppData\Roaming\qBittorrent
2016-07-01 01:34 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-07-01 01:27 - 2016-01-01 20:23 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-06-30 21:47 - 2016-04-04 18:28 - 00000099 _____ C:\Users\jkxs\Desktop\865 Rent.txt
2016-06-26 01:25 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-06-23 20:02 - 2016-01-01 20:40 - 00000000 ____D C:\Windows\Prey
2016-06-23 19:21 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 19:20 - 2016-01-01 19:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-23 19:15 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-18 00:39 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-06-18 00:37 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 02:10 - 2016-01-01 19:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-17 02:10 - 2016-01-01 18:52 - 00333072 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 01:34 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-17 01:34 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-06-17 01:34 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-06-16 14:36 - 2016-01-01 19:20 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 14:36 - 2016-01-01 19:20 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-10 02:17 - 2016-06-04 00:33 - 00001207 _____ C:\Users\jkxs\Desktop\GCX Flair.txt

==================== Files in the root of some directories =======

2016-06-11 17:55 - 2016-06-11 17:55 - 0000052 _____ () C:\Users\jkxs\AppData\Roaming\Camdata.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 0000408 _____ () C:\Users\jkxs\AppData\Roaming\CamLayout.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 0000408 _____ () C:\Users\jkxs\AppData\Roaming\CamShapes.ini
2016-06-11 17:55 - 2016-06-11 17:55 - 0004546 _____ () C:\Users\jkxs\AppData\Roaming\CamStudio.cfg
2016-06-11 17:48 - 2016-06-11 17:48 - 0000096 _____ () C:\Users\jkxs\AppData\Roaming\version2.xml

Some files in TEMP:
====================
C:\Users\jkxs\AppData\Local\Temp\GarminExpressInstaller.exe
C:\Users\jkxs\AppData\Local\Temp\libeay32.dll
C:\Users\jkxs\AppData\Local\Temp\msvcr120.dll
C:\Users\jkxs\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-06 21:28

==================== End of FRST.txt ============================



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,441 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:39 PM

Posted 10 July 2016 - 08:10 AM

Greetings jkxs and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. If you do not have a valid Product Key for your Windows installation we will be unable to assist you. Please run the following for me.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ckfiles.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 Oh My!


Posted 13 July 2016 - 09:18 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 jkxs


Posted 13 July 2016 - 09:26 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Yes I still need help

#11 Oh My!


Posted 13 July 2016 - 10:04 AM

Very good, thanks. I will await your reply,
Gary
 

#12 jkxs


Posted 13 July 2016 - 08:12 PM

Very good, thanks. I will await your reply,

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\tokensbackup\keys.txt
c:\program files\kmspico\tokensbackup\windows\data.dat
c:\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\program files\kmspico\tokensbackup\windows\tokens.dat
c:\program files\kmspico\tokensbackup\windows\cache\cache.dat
c:\users\jkxs\downloads\nine - exchange activesync v1.4.2 [with keygen] - android-zone.org.rar
c:\users\jkxs\downloads\[kat.cr]kmspico.10.1.6.final.windows.10.activator.100.working.torrent
c:\users\jkxs\downloads\kmspico install\kmspico_setup.exe
c:\users\jkxs\downloads\kmspico install\readme kmspico install.txt
c:\users\jkxs\downloads\kmspico install\uninstall_service.cmd
scanner sequence 3.CG.11.FINAJZ
 ----- EOF ----- 
 
Hi Gary, I don't believe I have a valid key at the moment and so I will have to get one through my school and reformat. I say this because I saw your earlier post that said "If you do not have a valid Product Key for your Windows installation we will be unable to assist you." Thanks!



Edited by jkxs, 13 July 2016 - 08:14 PM.


#13 Oh My!


Posted 13 July 2016 - 09:17 PM

OK, thank you for letting me know. Sorry I was unable to assist.


Gary
 

#14 Oh My!


Posted 13 July 2016 - 09:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



