Systems analysis request - Invisible junkware taking up memory



#1 jstyle711


Posted 27 April 2017 - 11:07 PM

My hard drive says it's full but I've deleted everything. Please review my log and let me know if there are any issues with my system. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2017
Ran by jtreez (administrator) on JTREEZ-PC (26-04-2017 22:54:08)
Running from C:\Users\jtreez\Downloads
Loaded Profiles: jtreez (Available Profiles: jtreez)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\jtreez\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jtreez\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\jtreez\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jtreez\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2984688 2011-08-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2015-10-12] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504 2013-01-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184 2012-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [GoogleChromeAutoLaunch_E5923AAC9BFEDB9BAE59370D5441FDBC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [AceStream] => C:\Users\jtreez\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [Discord] => C:\Users\jtreez\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\jtreez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk [2017-01-24]
ShortcutTarget: Launch Jawbone Updater.lnk -> C:\Program Files (x86)\Jawbone\LaunchJU.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9D13DB2F-6DE7-4130-9E05-FFCF0F1CE39C}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> DefaultScope {F0699874-9A7B-40E0-B1A7-76D2862A65D3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> {F0699874-9A7B-40E0-B1A7-76D2862A65D3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
 
FireFox:
========
FF HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2104928586-2285902241-1069930802-1001: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\jtreez\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default [2017-04-26]
CHR Extension: (Google Docs) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Native HLS Playback) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnphkkblegpebimobpbekeedfgemhof [2017-03-27]
CHR Extension: (Google Docs Offline) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Google Voice (by Google)) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-11-12]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2016-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Simple EPUB Reader) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-01-26]
CHR Extension: (Gmail) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\jtreez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-19] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-19] ()
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2017-03-11] (Echobit LLC)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [127216 2015-01-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-28] (ASUS Corporation) [File not signed]
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows ® Win 7 DDK provider)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-19] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-19] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-19] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-19] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-19] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-19] (Intel Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2017-03-11] (Echobit, LLC)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-09] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-08-15] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-26 22:54 - 2017-04-26 22:54 - 00023238 _____ C:\Users\jtreez\Downloads\FRST.txt
2017-04-26 22:53 - 2017-04-26 22:54 - 00000000 ____D C:\FRST
2017-04-26 22:53 - 2017-04-26 22:53 - 02427392 _____ (Farbar) C:\Users\jtreez\Downloads\FRST64.exe
2017-04-25 21:35 - 2017-04-25 21:39 - 114633361 _____ C:\cab_5296_2
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_6
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_5
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_4
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_3
2017-04-25 21:30 - 2017-04-25 21:34 - 114633361 _____ C:\cab_5188_2
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_6
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_5
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_4
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_3
2017-04-22 03:21 - 2017-04-22 03:23 - 114633361 _____ C:\cab_1156_7
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_9
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_8
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_11
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_10
2017-04-22 03:19 - 2017-04-22 03:20 - 32964087 _____ C:\cab_1276_12
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_16
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_15
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_14
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_13
2017-04-22 03:18 - 2017-04-22 03:19 - 53034198 _____ C:\cab_1156_2
2017-04-22 03:18 - 2017-04-22 03:18 - 00000000 _____ C:\cab_1156_6
2017-04-22 03:18 - 2017-04-22 03:18 - 00000000 _____ C:\cab_1156_5
2017-04-22 03:18 - 2017-04-22 03:18 - 00000000 _____ C:\cab_1156_4
2017-04-22 03:18 - 2017-04-22 03:18 - 00000000 _____ C:\cab_1156_3
2017-04-22 03:16 - 2017-04-22 03:17 - 41155840 _____ C:\cab_1268_7
2017-04-22 03:16 - 2017-04-22 03:16 - 00000000 _____ C:\cab_1268_9
2017-04-22 03:16 - 2017-04-22 03:16 - 00000000 _____ C:\cab_1268_8
2017-04-22 03:16 - 2017-04-22 03:16 - 00000000 _____ C:\cab_1268_11
2017-04-22 03:16 - 2017-04-22 03:16 - 00000000 _____ C:\cab_1268_10
2017-04-20 21:49 - 2017-04-20 21:51 - 114633361 _____ C:\cab_1136_14
2017-04-20 21:49 - 2017-04-20 21:49 - 00000000 _____ C:\cab_1136_18
2017-04-20 21:49 - 2017-04-20 21:49 - 00000000 _____ C:\cab_1136_17
2017-04-20 21:49 - 2017-04-20 21:49 - 00000000 _____ C:\cab_1136_16
2017-04-20 21:49 - 2017-04-20 21:49 - 00000000 _____ C:\cab_1136_15
2017-04-20 21:48 - 2017-04-20 21:49 - 33421903 _____ C:\cab_1276_7
2017-04-20 21:48 - 2017-04-20 21:48 - 00000000 _____ C:\cab_1276_9
2017-04-20 21:48 - 2017-04-20 21:48 - 00000000 _____ C:\cab_1276_8
2017-04-20 21:48 - 2017-04-20 21:48 - 00000000 _____ C:\cab_1276_11
2017-04-20 21:48 - 2017-04-20 21:48 - 00000000 _____ C:\cab_1276_10
2017-04-20 21:46 - 2017-04-20 21:47 - 55279934 _____ C:\cab_1136_9
2017-04-20 21:46 - 2017-04-20 21:46 - 00000000 _____ C:\cab_1136_13
2017-04-20 21:46 - 2017-04-20 21:46 - 00000000 _____ C:\cab_1136_12
2017-04-20 21:46 - 2017-04-20 21:46 - 00000000 _____ C:\cab_1136_11
2017-04-20 21:46 - 2017-04-20 21:46 - 00000000 _____ C:\cab_1136_10
2017-04-20 21:44 - 2017-04-20 21:45 - 40863620 _____ C:\cab_1264_22
2017-04-20 21:44 - 2017-04-20 21:44 - 00000000 _____ C:\cab_1264_26
2017-04-20 21:44 - 2017-04-20 21:44 - 00000000 _____ C:\cab_1264_25
2017-04-20 21:44 - 2017-04-20 21:44 - 00000000 _____ C:\cab_1264_24
2017-04-20 21:44 - 2017-04-20 21:44 - 00000000 _____ C:\cab_1264_23
2017-04-19 17:30 - 2017-04-19 17:37 - 114633361 _____ C:\cab_1140_12
2017-04-19 17:30 - 2017-04-19 17:30 - 00000000 _____ C:\cab_1140_16
2017-04-19 17:30 - 2017-04-19 17:30 - 00000000 _____ C:\cab_1140_15
2017-04-19 17:30 - 2017-04-19 17:30 - 00000000 _____ C:\cab_1140_14
2017-04-19 17:30 - 2017-04-19 17:30 - 00000000 _____ C:\cab_1140_13
2017-04-19 17:29 - 2017-04-19 17:30 - 32132785 _____ C:\cab_1264_17
2017-04-19 17:29 - 2017-04-19 17:29 - 00000000 _____ C:\cab_1264_21
2017-04-19 17:29 - 2017-04-19 17:29 - 00000000 _____ C:\cab_1264_20
2017-04-19 17:29 - 2017-04-19 17:29 - 00000000 _____ C:\cab_1264_19
2017-04-19 17:29 - 2017-04-19 17:29 - 00000000 _____ C:\cab_1264_18
2017-04-19 17:27 - 2017-04-19 17:28 - 48576846 _____ C:\cab_1144_12
2017-04-19 17:27 - 2017-04-19 17:27 - 00000000 _____ C:\cab_1144_16
2017-04-19 17:27 - 2017-04-19 17:27 - 00000000 _____ C:\cab_1144_15
2017-04-19 17:27 - 2017-04-19 17:27 - 00000000 _____ C:\cab_1144_14
2017-04-19 17:27 - 2017-04-19 17:27 - 00000000 _____ C:\cab_1144_13
2017-04-19 17:26 - 2017-04-19 17:26 - 38928369 _____ C:\cab_1268_2
2017-04-19 17:26 - 2017-04-19 17:26 - 00000000 _____ C:\cab_1268_6
2017-04-19 17:26 - 2017-04-19 17:26 - 00000000 _____ C:\cab_1268_5
2017-04-19 17:26 - 2017-04-19 17:26 - 00000000 _____ C:\cab_1268_4
2017-04-19 17:26 - 2017-04-19 17:26 - 00000000 _____ C:\cab_1268_3
2017-04-19 17:25 - 2017-04-19 17:25 - 14732202 _____ C:\cab_1148_17
2017-04-19 17:25 - 2017-04-19 17:25 - 00000000 _____ C:\cab_1148_21
2017-04-19 17:25 - 2017-04-19 17:25 - 00000000 _____ C:\cab_1148_20
2017-04-19 17:25 - 2017-04-19 17:25 - 00000000 _____ C:\cab_1148_19
2017-04-19 17:25 - 2017-04-19 17:25 - 00000000 _____ C:\cab_1148_18
2017-04-18 18:08 - 2017-04-18 18:11 - 114633361 _____ C:\cab_1152_2
2017-04-18 18:08 - 2017-04-18 18:08 - 00000000 _____ C:\cab_1152_6
2017-04-18 18:08 - 2017-04-18 18:08 - 00000000 _____ C:\cab_1152_5
2017-04-18 18:08 - 2017-04-18 18:08 - 00000000 _____ C:\cab_1152_4
2017-04-18 18:08 - 2017-04-18 18:08 - 00000000 _____ C:\cab_1152_3
2017-04-18 18:07 - 2017-04-18 18:08 - 33224917 _____ C:\cab_1276_2
2017-04-18 18:07 - 2017-04-18 18:07 - 00000000 _____ C:\cab_1276_6
2017-04-18 18:07 - 2017-04-18 18:07 - 00000000 _____ C:\cab_1276_5
2017-04-18 18:07 - 2017-04-18 18:07 - 00000000 _____ C:\cab_1276_4
2017-04-18 18:07 - 2017-04-18 18:07 - 00000000 _____ C:\cab_1276_3
2017-04-18 18:05 - 2017-04-18 18:06 - 52997286 _____ C:\cab_1128_2
2017-04-18 18:05 - 2017-04-18 18:05 - 00000000 _____ C:\cab_1128_6
2017-04-18 18:05 - 2017-04-18 18:05 - 00000000 _____ C:\cab_1128_5
2017-04-18 18:05 - 2017-04-18 18:05 - 00000000 _____ C:\cab_1128_4
2017-04-18 18:05 - 2017-04-18 18:05 - 00000000 _____ C:\cab_1128_3
2017-04-18 18:04 - 2017-04-18 18:05 - 40473605 _____ C:\cab_1260_7
2017-04-18 18:04 - 2017-04-18 18:04 - 00000000 _____ C:\cab_1260_9
2017-04-18 18:04 - 2017-04-18 18:04 - 00000000 _____ C:\cab_1260_8
2017-04-18 18:04 - 2017-04-18 18:04 - 00000000 _____ C:\cab_1260_11
2017-04-18 18:04 - 2017-04-18 18:04 - 00000000 _____ C:\cab_1260_10
2017-04-18 18:03 - 2017-04-18 18:03 - 15631720 _____ C:\cab_1188_2
2017-04-18 18:03 - 2017-04-18 18:03 - 00000000 _____ C:\cab_1188_6
2017-04-18 18:03 - 2017-04-18 18:03 - 00000000 _____ C:\cab_1188_5
2017-04-18 18:03 - 2017-04-18 18:03 - 00000000 _____ C:\cab_1188_4
2017-04-18 18:03 - 2017-04-18 18:03 - 00000000 _____ C:\cab_1188_3
2017-04-17 17:06 - 2017-04-17 17:13 - 114633361 _____ C:\cab_1148_12
2017-04-17 17:06 - 2017-04-17 17:06 - 00000000 _____ C:\cab_1148_16
2017-04-17 17:06 - 2017-04-17 17:06 - 00000000 _____ C:\cab_1148_15
2017-04-17 17:06 - 2017-04-17 17:06 - 00000000 _____ C:\cab_1148_14
2017-04-17 17:06 - 2017-04-17 17:06 - 00000000 _____ C:\cab_1148_13
2017-04-17 17:04 - 2017-04-17 17:05 - 31417062 _____ C:\cab_1264_12
2017-04-17 17:04 - 2017-04-17 17:04 - 00000000 _____ C:\cab_1264_16
2017-04-17 17:04 - 2017-04-17 17:04 - 00000000 _____ C:\cab_1264_15
2017-04-17 17:04 - 2017-04-17 17:04 - 00000000 _____ C:\cab_1264_14
2017-04-17 17:04 - 2017-04-17 17:04 - 00000000 _____ C:\cab_1264_13
2017-04-17 17:02 - 2017-04-17 17:04 - 49226731 _____ C:\cab_1144_7
2017-04-17 17:02 - 2017-04-17 17:02 - 00000000 _____ C:\cab_1144_9
2017-04-17 17:02 - 2017-04-17 17:02 - 00000000 _____ C:\cab_1144_8
2017-04-17 17:02 - 2017-04-17 17:02 - 00000000 _____ C:\cab_1144_11
2017-04-17 17:02 - 2017-04-17 17:02 - 00000000 _____ C:\cab_1144_10
2017-04-17 17:01 - 2017-04-17 17:02 - 38991631 _____ C:\cab_1280_2
2017-04-17 17:01 - 2017-04-17 17:01 - 00000000 _____ C:\cab_1280_6
2017-04-17 17:01 - 2017-04-17 17:01 - 00000000 _____ C:\cab_1280_5
2017-04-17 17:01 - 2017-04-17 17:01 - 00000000 _____ C:\cab_1280_4
2017-04-17 17:01 - 2017-04-17 17:01 - 00000000 _____ C:\cab_1280_3
2017-04-17 17:00 - 2017-04-17 17:00 - 14471638 _____ C:\cab_1144_2
2017-04-17 17:00 - 2017-04-17 17:00 - 00000000 _____ C:\cab_1144_6
2017-04-17 17:00 - 2017-04-17 17:00 - 00000000 _____ C:\cab_1144_5
2017-04-17 17:00 - 2017-04-17 17:00 - 00000000 _____ C:\cab_1144_4
2017-04-17 17:00 - 2017-04-17 17:00 - 00000000 _____ C:\cab_1144_3
2017-04-16 09:14 - 2017-04-16 09:17 - 114633361 _____ C:\cab_1148_7
2017-04-16 09:14 - 2017-04-16 09:14 - 00000000 _____ C:\cab_1148_9
2017-04-16 09:14 - 2017-04-16 09:14 - 00000000 _____ C:\cab_1148_8
2017-04-16 09:14 - 2017-04-16 09:14 - 00000000 _____ C:\cab_1148_11
2017-04-16 09:14 - 2017-04-16 09:14 - 00000000 _____ C:\cab_1148_10
2017-04-16 09:13 - 2017-04-16 09:14 - 35781357 _____ C:\cab_1264_7
2017-04-16 09:13 - 2017-04-16 09:13 - 00000000 _____ C:\cab_1264_9
2017-04-16 09:13 - 2017-04-16 09:13 - 00000000 _____ C:\cab_1264_8
2017-04-16 09:13 - 2017-04-16 09:13 - 00000000 _____ C:\cab_1264_11
2017-04-16 09:13 - 2017-04-16 09:13 - 00000000 _____ C:\cab_1264_10
2017-04-16 09:11 - 2017-04-16 09:12 - 48633616 _____ C:\cab_1124_2
2017-04-16 09:11 - 2017-04-16 09:11 - 00000000 _____ C:\cab_1124_6
2017-04-16 09:11 - 2017-04-16 09:11 - 00000000 _____ C:\cab_1124_5
2017-04-16 09:11 - 2017-04-16 09:11 - 00000000 _____ C:\cab_1124_4
2017-04-16 09:11 - 2017-04-16 09:11 - 00000000 _____ C:\cab_1124_3
2017-04-16 09:10 - 2017-04-16 09:11 - 39199488 _____ C:\cab_1256_2
2017-04-16 09:10 - 2017-04-16 09:10 - 00000000 _____ C:\cab_1256_6
2017-04-16 09:10 - 2017-04-16 09:10 - 00000000 _____ C:\cab_1256_5
2017-04-16 09:10 - 2017-04-16 09:10 - 00000000 _____ C:\cab_1256_4
2017-04-16 09:10 - 2017-04-16 09:10 - 00000000 _____ C:\cab_1256_3
2017-04-16 09:09 - 2017-04-16 09:09 - 14896630 _____ C:\cab_1140_7
2017-04-16 09:09 - 2017-04-16 09:09 - 00000000 _____ C:\cab_1140_9
2017-04-16 09:09 - 2017-04-16 09:09 - 00000000 _____ C:\cab_1140_8
2017-04-16 09:09 - 2017-04-16 09:09 - 00000000 _____ C:\cab_1140_11
2017-04-16 09:09 - 2017-04-16 09:09 - 00000000 _____ C:\cab_1140_10
2017-04-15 14:14 - 2017-04-15 14:16 - 114633361 _____ C:\cab_1140_2
2017-04-15 14:14 - 2017-04-15 14:14 - 00000000 _____ C:\cab_1140_6
2017-04-15 14:14 - 2017-04-15 14:14 - 00000000 _____ C:\cab_1140_5
2017-04-15 14:14 - 2017-04-15 14:14 - 00000000 _____ C:\cab_1140_4
2017-04-15 14:14 - 2017-04-15 14:14 - 00000000 _____ C:\cab_1140_3
2017-04-15 14:13 - 2017-04-15 14:14 - 33367879 _____ C:\cab_1260_2
2017-04-15 14:13 - 2017-04-15 14:13 - 00000000 _____ C:\cab_1260_6
2017-04-15 14:13 - 2017-04-15 14:13 - 00000000 _____ C:\cab_1260_5
2017-04-15 14:13 - 2017-04-15 14:13 - 00000000 _____ C:\cab_1260_4
2017-04-15 14:13 - 2017-04-15 14:13 - 00000000 _____ C:\cab_1260_3
2017-04-15 14:11 - 2017-04-15 14:12 - 52821402 _____ C:\cab_1148_2
2017-04-15 14:11 - 2017-04-15 14:11 - 00000000 _____ C:\cab_1148_6
2017-04-15 14:11 - 2017-04-15 14:11 - 00000000 _____ C:\cab_1148_5
2017-04-15 14:11 - 2017-04-15 14:11 - 00000000 _____ C:\cab_1148_4
2017-04-15 14:11 - 2017-04-15 14:11 - 00000000 _____ C:\cab_1148_3
2017-04-15 14:09 - 2017-04-15 14:10 - 51052431 _____ C:\cab_1252_2
2017-04-15 14:09 - 2017-04-15 14:09 - 00000000 _____ C:\cab_1252_6
2017-04-15 14:09 - 2017-04-15 14:09 - 00000000 _____ C:\cab_1252_5
2017-04-15 14:09 - 2017-04-15 14:09 - 00000000 _____ C:\cab_1252_4
2017-04-15 14:09 - 2017-04-15 14:09 - 00000000 _____ C:\cab_1252_3
2017-04-15 09:50 - 2017-04-15 09:56 - 114633361 _____ C:\cab_5000_2
2017-04-15 09:50 - 2017-04-15 09:50 - 00000000 _____ C:\cab_5000_6
2017-04-15 09:50 - 2017-04-15 09:50 - 00000000 _____ C:\cab_5000_5
2017-04-15 09:50 - 2017-04-15 09:50 - 00000000 _____ C:\cab_5000_4
2017-04-15 09:50 - 2017-04-15 09:50 - 00000000 _____ C:\cab_5000_3
2017-04-14 14:49 - 2017-04-14 14:52 - 114633361 _____ C:\cab_4700_2
2017-04-14 14:49 - 2017-04-14 14:49 - 00000000 _____ C:\cab_4700_6
2017-04-14 14:49 - 2017-04-14 14:49 - 00000000 _____ C:\cab_4700_5
2017-04-14 14:49 - 2017-04-14 14:49 - 00000000 _____ C:\cab_4700_4
2017-04-14 14:49 - 2017-04-14 14:49 - 00000000 _____ C:\cab_4700_3
2017-04-14 10:09 - 2017-04-14 10:09 - 31709946 _____ C:\Users\jtreez\Downloads\MRI-20170414T170839Z-001.zip
2017-04-14 10:09 - 2017-04-14 10:09 - 00000000 ____D C:\Users\jtreez\Downloads\MRI
2017-04-14 10:04 - 2017-04-14 10:04 - 31709946 _____ C:\Users\jtreez\Downloads\MRI-20170414T170245Z-001.zip
2017-04-14 10:01 - 2017-04-14 10:01 - 00000000 ____D C:\Users\jtreez\Desktop\S0000001
2017-04-14 10:00 - 2017-04-14 10:00 - 27332954 _____ C:\Users\jtreez\Downloads\S0000001-20170414T170023Z-001.zip
2017-04-14 09:42 - 2017-04-14 09:42 - 00002984 _____ C:\Windows\System32\Tasks\ATKOSD2
2017-04-14 09:41 - 2017-04-14 09:41 - 12307216 _____ C:\Users\jtreez\Downloads\ATKPackage_Win7_8_VER100027.zip
2017-04-13 18:05 - 2017-04-13 18:05 - 00000967 _____ C:\Users\jtreez\Desktop\Diablo III - Shortcut.lnk
2017-04-13 17:43 - 2017-04-13 17:45 - 00000000 ____D C:\Users\jtreez\Desktop\Tokyo2k16
2017-04-13 17:43 - 2017-04-13 17:43 - 00000000 ____D C:\Users\jtreez\Desktop\MRI
2017-03-30 21:58 - 2017-04-15 12:54 - 00000000 ____D C:\Users\jtreez\Documents\Diablo III
2017-03-30 18:48 - 2017-04-26 21:57 - 00000000 ____D C:\TEMP
2017-03-30 18:23 - 2017-03-30 22:04 - 00000000 ____D C:\Diablo III
2017-03-28 21:53 - 2017-03-28 21:53 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-03-28 21:52 - 2017-03-28 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-03-28 21:51 - 2017-04-25 21:00 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-03-28 21:51 - 2017-03-28 21:53 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\Battle.net
2017-03-28 21:50 - 2017-03-28 21:51 - 00000000 ____D C:\ProgramData\Battle.net
2017-03-28 21:50 - 2017-03-28 21:50 - 03334128 _____ (Blizzard Entertainment) C:\Users\jtreez\Downloads\Diablo-III-Setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-26 22:35 - 2015-11-03 20:22 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\Spotify
2017-04-26 21:33 - 2015-10-12 19:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-26 19:49 - 2015-10-12 19:25 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\Intel WiDi
2017-04-26 19:18 - 2015-10-12 18:55 - 00000380 _____ C:\Users\jtreez\AppData\Roaming\sp_data.sys
2017-04-26 19:14 - 2015-10-12 18:32 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-04-25 21:43 - 2015-10-12 19:12 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-04-25 21:43 - 2015-10-12 18:32 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-04-25 21:03 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-25 21:03 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 03:25 - 2009-07-13 22:13 - 00782680 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-22 03:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-22 03:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 03:21 - 2009-07-13 21:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-22 03:20 - 2015-11-08 16:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-04-22 03:20 - 2015-11-08 16:07 - 00000000 ____D C:\Windows\system32\appraiser
2017-04-22 03:20 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-04-14 09:42 - 2011-08-28 02:09 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-04-13 23:40 - 2015-12-20 18:13 - 66065844 _____ C:\-MSI_netfx_Full_GDR_x64.msi.txt
2017-04-13 17:52 - 2015-11-09 19:23 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-13 17:52 - 2015-11-09 19:23 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-13 17:38 - 2009-07-13 22:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-08 17:36 - 2016-01-04 15:20 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\Apple Computer
2017-04-06 18:41 - 2015-11-09 19:30 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 18:41 - 2015-11-09 19:30 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-31 17:46 - 2015-10-12 18:54 - 00000000 ____D C:\Users\jtreez
2017-03-30 18:46 - 2015-10-23 17:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2017-03-30 18:21 - 2015-10-27 20:57 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\.ACEStream
2017-03-28 21:54 - 2015-11-12 10:31 - 00000000 ____D C:\EDIABAS
2017-03-28 18:47 - 2017-01-11 23:00 - 00003424 _____ C:\Windows\System32\Tasks\Apple Diagnostics
 
==================== Files in the root of some directories =======
 
2015-10-12 18:55 - 2017-04-26 19:18 - 0000380 _____ () C:\Users\jtreez\AppData\Roaming\sp_data.sys
2015-11-15 15:20 - 2015-11-15 15:20 - 0000017 _____ () C:\Users\jtreez\AppData\Local\resmon.resmoncfg
2015-10-12 19:38 - 2015-10-12 19:45 - 0015580 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.193842.txt
2015-10-12 19:54 - 2015-10-12 19:55 - 0055100 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.195426.wdl
2015-10-12 19:55 - 2015-10-12 19:58 - 0098995 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.195558.wdl
2015-10-12 20:05 - 2015-10-12 20:05 - 0000438 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.200534.txt
2015-10-12 20:07 - 2015-10-12 20:08 - 0025759 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.200715.txt
2015-10-12 20:08 - 2015-10-12 20:12 - 0029227 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.200807.txt
2015-10-12 20:13 - 2015-10-12 20:23 - 0028553 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.201354.txt
2015-10-12 20:26 - 2015-10-12 20:37 - 0086267 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.202651.txt
2015-10-12 20:46 - 2015-10-12 21:16 - 0332700 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.204610.wdl
2015-10-12 21:49 - 2015-10-12 23:11 - 0544270 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151012.214914.wdl
2015-10-23 17:10 - 2015-10-23 18:25 - 1961378 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.171020.wdl
2015-10-23 18:25 - 2015-10-23 18:27 - 0352626 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.182550.wdl
2015-10-24 14:21 - 2015-10-25 11:18 - 9185557 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151024.142134.wdl
2015-10-31 12:22 - 2015-10-31 12:58 - 0965867 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151031.122227.wdl
2015-10-31 13:09 - 2015-10-31 15:05 - 2002130 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151031.130932.wdl
2015-11-01 20:43 - 2015-11-01 23:46 - 2648162 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151101.194317.wdl
2015-11-04 21:38 - 2015-11-04 22:13 - 0738954 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151104.203846.wdl
2015-11-05 18:33 - 2015-11-05 23:58 - 2782098 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151105.173332.wdl
2015-11-07 13:12 - 2015-11-07 22:30 - 8100967 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151107.121210.wdl
2015-11-08 15:52 - 2015-11-08 16:07 - 0511372 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151108.145248.wdl
2015-11-12 20:17 - 2015-11-12 20:22 - 0425865 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151112.191733.wdl
2015-11-23 21:01 - 2015-11-23 23:42 - 2529365 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151123.200117.wdl
2016-01-19 23:04 - 2016-01-19 23:06 - 0172677 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160119.220425.wdl
2016-01-19 23:06 - 2016-01-19 23:13 - 0487415 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160119.220627.wdl
2016-01-19 23:16 - 2016-01-19 23:53 - 0800817 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160119.221652.wdl
2016-01-22 20:56 - 2016-01-22 21:02 - 0419833 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160122.195633.wdl
2016-01-23 21:30 - 2016-01-24 00:56 - 3755423 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160123.203012.wdl
2016-02-03 21:07 - 2016-02-04 00:11 - 2650288 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160203.200748.wdl
2016-02-06 20:27 - 2016-02-07 01:55 - 4895707 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160206.192708.wdl
2016-02-10 22:22 - 2016-02-11 01:03 - 2289962 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160210.212218.wdl
2016-02-11 18:32 - 2016-02-11 18:35 - 0305398 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160211.173244.wdl
2016-02-11 18:35 - 2016-02-11 18:36 - 0131126 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160211.173514.wdl
2016-02-11 18:36 - 2016-02-11 22:45 - 3332248 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160211.173636.wdl
2016-02-15 21:14 - 2016-02-15 23:38 - 2590840 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160215.201420.wdl
2016-02-17 19:40 - 2016-02-17 20:04 - 0467013 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160217.184052.wdl
2016-02-17 22:26 - 2016-02-17 23:04 - 0802680 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160217.212641.wdl
2016-02-22 19:34 - 2016-02-22 20:06 - 0884030 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160222.183404.wdl
2016-02-23 19:22 - 2016-02-23 21:35 - 3019554 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160223.182220.wdl
2016-02-25 22:20 - 2016-02-25 22:30 - 0660983 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160225.212058.wdl
2016-04-03 15:27 - 2016-04-03 15:58 - 0706387 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160403.152701.wdl
2016-04-03 15:58 - 2016-04-03 17:05 - 1298498 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160403.155837.wdl
2016-04-09 19:07 - 2016-04-09 20:18 - 1610426 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160409.190701.wdl
2016-04-10 17:31 - 2016-04-10 17:32 - 0148227 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160410.173140.wdl
2016-04-10 17:32 - 2016-04-10 18:35 - 1117191 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160410.173226.wdl
2016-04-23 15:42 - 2016-04-23 16:06 - 0857695 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160423.154247.wdl
2016-04-23 17:31 - 2016-04-23 17:56 - 0855190 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160423.173103.wdl
2016-04-23 17:57 - 2016-04-23 18:49 - 1050418 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160423.175712.wdl
2016-04-24 12:58 - 2016-04-24 13:46 - 1238200 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160424.125857.wdl
2016-05-03 21:13 - 2016-05-03 22:44 - 1240167 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160503.211338.wdl
2016-07-27 18:41 - 2016-07-27 23:41 - 3791279 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160727.184159.wdl
2016-07-28 22:59 - 2016-07-28 23:09 - 0427642 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160728.225901.wdl
2016-07-31 20:20 - 2016-07-31 22:14 - 1531125 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160731.202004.wdl
2016-08-07 22:14 - 2016-08-08 00:58 - 2007698 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160807.221444.wdl
2016-08-15 16:52 - 2016-08-15 20:45 - 2826199 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160815.165211.wdl
2016-08-20 23:31 - 2016-08-20 23:43 - 0531424 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160820.233148.wdl
2016-08-22 19:40 - 2016-08-22 21:33 - 1470608 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160822.194039.wdl
2016-08-25 23:08 - 2016-08-25 23:57 - 0806526 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160825.230817.wdl
2016-08-26 18:46 - 2016-08-26 19:04 - 0554451 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160826.184610.wdl
2016-08-26 21:58 - 2016-08-27 00:59 - 2149834 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160826.215848.wdl
2016-08-27 12:52 - 2016-08-27 14:02 - 1015328 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160827.125255.wdl
2016-08-29 21:51 - 2016-08-29 21:52 - 0092814 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160829.215153.wdl
2016-08-29 21:52 - 2016-08-29 21:56 - 0075980 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160829.215222.wdl
2016-08-29 21:56 - 2016-08-29 23:34 - 1288143 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160829.215610.wdl
2016-09-08 20:18 - 2016-09-08 20:37 - 0830461 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20160908.201831.wdl
2016-11-08 20:54 - 2016-11-08 21:50 - 1215506 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161108.195435.wdl
2016-11-08 22:21 - 2016-11-08 22:58 - 0681098 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161108.212151.wdl
2016-11-13 12:09 - 2016-11-13 12:10 - 0137766 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161113.110927.wdl
2016-11-13 12:11 - 2016-11-13 13:22 - 1481071 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161113.111157.wdl
2016-11-13 22:03 - 2016-11-13 23:19 - 1167282 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161113.210355.wdl
2016-11-14 21:16 - 2016-11-14 21:17 - 0144322 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161114.201603.wdl
2016-11-14 21:18 - 2016-11-15 01:04 - 3480620 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161114.201823.wdl
2016-11-15 19:15 - 2016-11-15 21:53 - 1952079 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161115.181504.wdl
2016-11-18 19:51 - 2016-11-18 19:52 - 0056506 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161118.185117.wdl
2016-11-18 19:52 - 2016-11-18 20:09 - 0512418 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161118.185223.wdl
2016-11-20 20:53 - 2016-11-21 00:13 - 0387642 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161120.195344.wdl
2016-11-23 18:54 - 2016-11-23 23:09 - 1489959 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161123.175441.wdl
2016-11-24 00:00 - 2016-11-24 00:28 - 0823800 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161123.230010.wdl
2016-11-24 01:32 - 2016-11-24 01:32 - 0113367 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161124.003213.wdl
2016-12-06 20:24 - 2016-12-06 23:30 - 2039822 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161206.192436.wdl
2016-12-08 23:01 - 2016-12-09 00:14 - 1152308 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161208.220146.wdl
2016-12-09 23:16 - 2016-12-09 23:57 - 0804805 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161209.221646.wdl
2016-12-10 23:50 - 2016-12-11 00:48 - 0833933 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20161210.225056.wdl
2017-03-22 18:31 - 2017-03-22 19:26 - 0916256 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20170322.183105.wdl
2017-04-15 15:22 - 2017-04-15 18:36 - 3276793 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20170415.152243.wdl
2017-04-17 17:41 - 2017-04-17 18:50 - 1035115 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20170417.174104.wdl
2017-04-26 19:36 - 2017-04-26 19:49 - 0077262 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20170426.193650.wdl
2017-04-26 19:49 - 2017-04-26 22:46 - 2951890 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20170426.194923.wdl
2015-10-12 19:15 - 2015-10-12 19:15 - 0017341 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.191543.wdl
2015-10-12 19:16 - 2015-10-12 19:20 - 0044931 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.191609.wdl
2015-10-12 19:22 - 2015-10-12 19:24 - 0046776 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.192257.wdl
2015-10-12 19:37 - 2015-10-12 19:38 - 0024358 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.193729.txt
2015-10-12 19:51 - 2015-10-12 19:52 - 0041471 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.195118.wdl
2015-10-12 20:00 - 2015-10-12 20:01 - 0006696 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.200044.txt
2015-10-12 20:04 - 2015-10-12 20:05 - 0027557 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.200414.txt
2015-10-12 20:45 - 2015-10-12 20:45 - 0046609 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151012.204507.wdl
2015-10-23 17:07 - 2015-10-23 17:08 - 0041132 _____ () C:\Users\jtreez\AppData\Local\WiDiSetupLog.20151023.170724.wdl
2015-10-12 19:36 - 2015-10-12 19:36 - 0011286 _____ () C:\Users\jtreez\AppData\Local\WiDiUtilsLog.20151012.193641.wdl
2015-10-20 20:38 - 2015-10-20 20:38 - 0011788 _____ () C:\Users\jtreez\AppData\Local\WiDiUtilsLog.20151020.203830.wdl
2016-02-23 23:59 - 2016-05-30 18:20 - 0008918 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-25 20:57
 
==================== End of FRST.txt ============================


#2 garioch7


    RCMP Veteran


  • Malware Response Instructor
  • 3,331 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:31 AM

Posted 28 April 2017 - 08:45 AM

jstyle711:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

Please copy and paste the "Addition.txt" log into a reply. It is one of two logs created by FRST. You have only submitted the "FRST.txt" log.

Once I receive both logs, I will need some time to review the logs. That could take a day or two.

On first glance, you have a lot of "odd" files that I have not seen before. Only a very few are listed below. Do you know what these files are? I would bet that they are what is "eating" up your hard disk space.
 

2017-04-25 21:35 - 2017-04-25 21:39 - 114633361 _____ C:\cab_5296_2
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_6
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_5
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_4
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_3
2017-04-25 21:30 - 2017-04-25 21:34 - 114633361 _____ C:\cab_5188_2
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_6
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_5
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_4
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_3
2017-04-22 03:21 - 2017-04-22 03:23 - 114633361 _____ C:\cab_1156_7
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_9
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_8
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_11
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_10
2017-04-22 03:19 - 2017-04-22 03:20 - 32964087 _____ C:\cab_1276_12
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_16
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_15
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_14
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_13
-----
2015-10-23 17:10 - 2015-10-23 18:25 - 1961378 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.171020.wdl
2015-10-23 18:25 - 2015-10-23 18:27 - 0352626 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.182550.wdl
2015-10-24 14:21 - 2015-10-25 11:18 - 9185557 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151024.142134.wdl
2015-10-31 12:22 - 2015-10-31 12:58 - 0965867 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151031.122227.wdl
2015-10-31 13:09 - 2015-10-31 15:05 - 2002130 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151031.130932.wdl
2015-11-01 20:43 - 2015-11-01 23:46 - 2648162 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151101.194317.wdl
2015-11-04 21:38 - 2015-11-04 22:13 - 0738954 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151104.203846.wdl
2015-11-05 18:33 - 2015-11-05 23:58 - 2782098 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151105.173332.wdl
2015-11-07 13:12 - 2015-11-07 22:30 - 8100967 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151107.121210.wdl
2015-11-08 15:52 - 2015-11-08 16:07 - 0511372 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151108.145248.wdl
2015-11-12 20:17 - 2015-11-12 20:22 - 0425865 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151112.191733.wdl
2015-11-23 21:01 - 2015-11-23 23:42 - 2529365 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151123.200117.wdl


PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 jstyle711

  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:31 AM

Posted 30 April 2017 - 01:11 PM

I've had issues posting, as it would just time out and wouldn't move to the next page. See below for my addition.txt.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by jtreez (26-04-2017 22:56:28)
Running from C:\Users\jtreez\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-13 01:54:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2104928586-2285902241-1069930802-500 - Administrator - Disabled)
Guest (S-1-5-21-2104928586-2285902241-1069930802-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2104928586-2285902241-1069930802-1002 - Limited - Enabled)
jtreez (S-1-5-21-2104928586-2285902241-1069930802-1001 - Administrator - Enabled) => C:\Users\jtreez
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Ace Stream Media 3.1.6 (HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\AceStream) (Version: 3.1.6 - Ace Stream Media) <==== ATTENTION
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.1 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS PWR Option (HKLM-x32\...\{B800CE44-D206-475D-A6E2-5B3808E2D60A}) (Version: 1.1.0 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0009 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.3 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
ASUS_Scr_ZenbookPrime (HKLM-x32\...\ASUS_Scr_ZenbookPrime) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.2.0 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0 - ASIX Electronics Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BMW Standard Tools (HKLM-x32\...\{70994916-61E9-40D2-A30C-89D2C030017F}_is1) (Version: 2.3.0 - BMW Group)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DJI GimbalAssistant version 1.8 (HKLM-x32\...\{1054ABE9-8358-4BA3-A3FF-B83B1E1F1CF2}_is1) (Version: 1.8 - DJI)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Dynamic Platform & Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.1.1067 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1504.516) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IsoBuster 3.6 (HKLM-x32\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/10/2015 2.12.06) (HKLM\...\B85E5F21D69245012A4E4C2DFAF38615FC7CF7AA) (Version: 07/10/2015 2.12.06 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/10/2015 2.12.06) (HKLM\...\71B7FC12B248030B4BBBCA0C57826D74F64DB010) (Version: 07/10/2015 2.12.06 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0115D95A-3337-4D1F-97BD-58B6A1737E92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe 
Task: {09B5B582-9B32-42BA-A157-162D1C0615A5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => %windir%\system32\GWX\GWXUXWorker.exe 
Task: {1F485F27-B0C6-49FE-96BE-C1F8F5448184} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {2ED58DF0-0E43-47EA-84BD-8A204E12F2D4} - System32\Tasks\{EDC5797B-0F02-44BA-BD1C-D21979AAC187} => C:\NFS\BIN\NFS.EXE 
Task: {51175146-61F8-4E9F-84B9-552256FED492} - System32\Tasks\Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-11-28] ()
Task: {776BA22D-D2D8-480A-A7F4-EE5828F5E20C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {7E30329C-AF61-4ECD-9F10-72D58C38E6EC} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {7F40EDBA-A220-47AA-B772-69A9539DA9CD} - System32\Tasks\{A338CCDF-57C5-4684-BDE9-99FCDEAF6C98} => C:\NFS\BIN\NFS.EXE 
Task: {AB01A90D-C33F-4A63-9825-95354CAF4CA8} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2013-01-11] (ASUSTek Computer Inc.)
Task: {B4ACD769-A02E-451D-BA25-0A3576536622} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {BF1E62FE-EF29-45CD-926F-C45F3CD26391} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {CEA6A6C7-3E8F-47BD-8DA2-D258341B1008} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => %windir%\system32\GWX\GWXConfigManager.exe 
Task: {CEB9114B-5FAD-4A5A-8BFD-DC7955F36711} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {CECEF92C-2894-451F-A741-BEE752512275} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-11-17] (Apple Inc.)
Task: {CF2C9859-6A0C-4F3F-AF48-57016EC0521F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {D437099C-CC60-4990-B2E1-7CDD7463C840} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {E28578E2-602B-46F7-A624-B755A543F188} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {E3B3DC68-B68B-41ED-B12D-F1F4E91BB6B2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => %windir%\system32\GWX\GWXUXWorker.exe 
Task: {E4C7C28C-1959-4E6B-9A4D-BE135E711F98} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {E6752235-85E0-4C50-9C4F-E1CCBEEF97AB} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-03-18] (AsusTek)
Task: {F5A100B6-69ED-4578-BAE4-62106D1B2503} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jtreez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-30 01:10 - 2012-02-19 20:31 - 00018944 _____ () C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
2012-04-30 01:10 - 2012-02-19 20:31 - 00019968 _____ () C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
2015-10-12 18:32 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-04-30 01:09 - 2012-04-02 01:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-28 09:58 - 2011-11-28 09:58 - 00556976 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-01-08 11:53 - 2014-01-08 11:53 - 00284912 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
2015-10-12 18:32 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-01-31 09:25 - 2012-01-31 09:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-21 14:49 - 2012-02-21 14:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2017-04-06 18:41 - 2017-03-28 19:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-06 18:41 - 2017-03-28 19:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2015-11-03 20:24 - 2016-11-24 00:00 - 51776112 _____ () C:\Users\jtreez\AppData\Roaming\Spotify\libcef.dll
2015-11-03 20:24 - 2016-11-24 00:00 - 01803888 _____ () C:\Users\jtreez\AppData\Roaming\Spotify\libglesv2.dll
2015-11-03 20:24 - 2016-11-24 00:00 - 00086128 _____ () C:\Users\jtreez\AppData\Roaming\Spotify\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jtreez\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{29098258-7842-453E-87C4-25E69CE88983}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0580195F-D246-472B-98B5-EFD0A266C07B}] => (Allow) LPort=2869
FirewallRules: [{6BB415AA-29D5-4393-8556-4A48DCD2038C}] => (Allow) LPort=1900
FirewallRules: [{A08B86E8-FE3D-45C0-A1B7-920D0D2FEC22}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{43E2B766-44B8-4C36-BE8E-4673FB747F0C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{13BF652C-9B70-45F4-8564-8D779CBE1C63}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{F172C136-0D91-43CB-B8DA-803168A90AAD}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{188BBD58-1891-4EB3-884F-F20878FB2BD7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{044CFFAF-DE49-41FB-837A-277A08A3C23C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{71A27DED-0AAC-4ABC-824D-655725F014BA}] => (Allow) C:\Users\jtreez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{477A0490-30C4-439D-9BDA-4BE97465D556}] => (Allow) C:\Users\jtreez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00E3A052-E3CC-4985-A24C-11951392BD0A}] => (Allow) C:\Users\jtreez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54B1232A-7866-4B0D-88A4-34F328E662AE}] => (Allow) C:\Users\jtreez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C20B2C0D-50DE-408F-B2EA-CB2600452D4D}] => (Allow) C:\Users\jtreez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED1780D7-4131-4CD1-813A-D77340E1ABD1}] => (Allow) C:\Users\jtreez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E6D5B6E-8487-46DE-9BCA-2AF5FFF301D8}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{7A6DF521-2ED5-4313-B348-1EAFA2B65D8A}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D05B6EBA-87C0-437D-A8DB-D94A11A4D716}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{F75F3BB9-CC8A-40C9-B5BE-AC67EB05B534}C:\users\jtreez\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jtreez\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E418FCBA-1902-4F36-9637-A9D82A155C60}C:\users\jtreez\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jtreez\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CB95628F-95C1-440F-B49D-A03B8EDA41D7}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{EBB052C9-0761-4FA9-8F11-F513A4901ECA}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{8221E564-4189-45F2-A6F9-5A8A4EC3004C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E50F0ABD-E330-4733-AB50-919C56D2BFBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C718AB3-1704-4AF2-8F1E-F811F3A7968A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79221B5C-0CA1-4B6C-8752-76CE30C7A128}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1CA53CFE-CE66-4404-9ADF-2A8E46A3901D}] => (Allow) C:\Users\jtreez\Desktop\printer driver\OJ4500vG510n-z_basic_13_en\setup\hpznui40.exe
FirewallRules: [{5F07CD6C-47D0-42DE-8452-E4C2070793CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D6D76DEB-5A42-4B15-A523-BCFE19E38210}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DA22CFEA-2D58-49E0-8C77-F0D65FC64ED8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F7C35F41-9091-4613-A6A1-721DF7B5BF30}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{14FA444D-8BAC-4DCB-8FB6-4B4913D0D4A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3AA29A41-0F4F-413B-87AB-830207D8A62A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{01733027-D4E8-45BF-89C1-98D3830F9C4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{462CC13B-6A54-4500-AB07-C505B6E4C3D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{75574CD0-5567-43C3-B4C3-4B10EA396576}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{C448FF37-3853-4612-ACA3-DEF464F3421A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C4837FB1-C215-49C7-9DF4-503FAA45D86E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{942CBFC1-6FA8-4671-8585-F3B9B1F1F3B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{DFCB9ABF-D289-4003-85D7-8BD9D92BF354}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{DFD68241-115F-4B8B-A40A-2924A3FA5735}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C711BF0D-669C-4887-9DB2-CF833FC6834C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3A9FCE42-D223-492C-AD3E-7049C688A94A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CF88D759-EBEF-4BC7-8228-1B2FAD4C5B45}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D2C708B3-2ED7-46F9-953E-6B8A917E374C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{AB75C250-1F43-44BA-9FCA-0F2280B4AA3F}C:\users\jtreez\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jtreez\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A9E15204-0307-4DB5-B31A-A4C8C3CF6E1A}C:\users\jtreez\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jtreez\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4A7DC298-D625-41CF-BEE1-A874085AEC53}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4C229783-133B-4C17-A3DC-3058F2C7E5F1}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
FirewallRules: [{94DC0DA2-073C-43EF-8ECD-F480DB8060AD}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
FirewallRules: [{3E10EDED-E70D-46CA-A103-72380D016B3F}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{702C4C4D-F71A-4068-8B0E-B0472134EB56}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C3CDFF13-589E-407C-8B54-9D199F3257C2}C:\diablo iii\x64\diablo iii64.exe] => (Block) C:\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{5A04D967-466E-4BF9-B57F-11E4ACB76412}C:\diablo iii\x64\diablo iii64.exe] => (Block) C:\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{A40C9109-29E3-498A-BE6B-E07E13912734}C:\diablo iii\diablo iii.exe] => (Allow) C:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{1A3075A4-6353-48BA-9BBB-2398EE2F6B0F}C:\diablo iii\diablo iii.exe] => (Allow) C:\diablo iii\diablo iii.exe
FirewallRules: [{429AA686-5859-4CAE-A0F5-3927D005EAF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FDA3D118-56E4-42D6-9610-6ECB6EBE0E28}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/26/2017 09:57:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\1897dc8d.ipi, -2147286788,
 
Error: (04/26/2017 08:57:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\1860effd.ipi, -2147286788,
 
Error: (04/26/2017 07:57:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\182a0179.ipi, -2147286788,
 
Error: (04/26/2017 07:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WiDiApp.exe, version: 4.2.29.0, time stamp: 0x5359a741
Faulting module name: uoipme.dll_unloaded, version: 0.0.0.0, time stamp: 0x53157192
Exception code: 0xc0000005
Fault offset: 0x000007fef2f63943
Faulting process id: 0x1c0c
Faulting application start time: 0x01d2beff1e4aaa0f
Faulting application path: C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
Faulting module path: uoipme.dll
Report Id: 6011e54a-2af2-11e7-859b-c485081078fd
 
Error: (04/26/2017 07:24:30 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\1802af8c.ipi, -2147286788,
 
Error: (04/26/2017 07:15:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/26/2017 07:15:26 PM) (Source: MsiInstaller) (EventID: 11324) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 -- Error 1324. The folder path 'TEMP;C:' contains an invalid character.
 
Error: (04/26/2017 07:15:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/26/2017 07:15:26 PM) (Source: MsiInstaller) (EventID: 11324) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 -- Error 1324. The folder path 'TEMP;C:' contains an invalid character.
 
Error: (04/26/2017 07:15:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (04/26/2017 08:27:14 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (04/26/2017 07:19:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.241.345.0).
 
Error: (04/26/2017 07:18:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.241.345.0).
 
Error: (04/26/2017 07:18:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.241.345.0).
 
Error: (04/26/2017 07:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition.
 
Error: (04/26/2017 07:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition.
 
Error: (04/26/2017 07:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition.
 
Error: (04/26/2017 07:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.5.2 for Windows 7 x64-based Systems (KB2901983).
 
Error: (04/26/2017 07:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB4017094).
 
Error: (04/26/2017 07:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 81%
Total physical RAM: 3981.98 MB
Available physical RAM: 752.54 MB
Total Virtual: 4750.08 MB
Available Virtual: 740.08 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:104.92 GB) (Free:0.51 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4865C2A8)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 garioch7


Posted 30 April 2017 - 02:26 PM

jstyle711:

Thank you for your "Addition.txt" file. I will analyze that tomorrow and post back my initial findings, but ...

I did ask ...

On first glance, you have a lot of "odd" files that I have not seen before. Only a very few are listed below. Do you know what these files are? I would bet that they are what is "eating" up your hard disk space.

Please see my previous post to you. I would really appreciate it if you would answer that question as soon as possible. If you know what those files are, then perhaps all is good. If you don't know what those files are, then we NEED to investigate!

I hope that you will have an opportunity to reply to my question before I have completed my analysis of your "Addition.txt" file tomorrow, so that I have the "full picture" before I post back with my initial findings.

Thank you and have a great day.

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7


Posted 01 May 2017 - 12:34 PM

jstyle711:

Thank you for your patience while I analyzed your FRST logs. I am still waiting to learn if you recognize any of the files that I cited in my first post to you, here.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.


Step 2: Please uninstall Ace Stream Media 3.1.6. This is a PUP. Please see this link for further information. Please uninstall the program via the Control Panel, Add/Remove Programs. If you decide that you do want to keep it, you can reinstall it after we are done. If it was my computer, it would be GONE FOR GOOD!

.


Step 3: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to your Downloads folder.

NOTE: This fix will remove the AceStream PUP from your computer. If you want to keep it, please remove all lines in the FRST "fixlist.txt" script that reference that PUP. If you are not comfortable doing that, let me know and I will provide you with a revised "fixlist.txt" script.

NOTE: It is important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [AceStream] => C:\Users\jtreez\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Users\jtreez\AppData\Roaming\ACEStream
Startup: C:\Users\jtreez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk [2017-01-24]
ShortcutTarget: Launch Jawbone Updater.lnk -> C:\Program Files (x86)\Jawbone\LaunchJU.exe (No File)
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> {F0699874-9A7B-40E0-B1A7-76D2862A65D3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin HKU\S-1-5-21-2104928586-2285902241-1069930802-1001: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\jtreez\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
File: C:\cab_5296_2
File: C:\cab_1276_12
2017-03-30 18:21 - 2015-10-27 20:57 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\.ACEStream
File: C:\Users\jtreez\AppData\Local\WiDiLog.20151012.193842.txt
File: C:\Users\jtreez\AppData\Local\WiDiLog.20151012.195426.wdl
CMD: type C:\Users\jtreez\AppData\Local\WiDiLog.20151012.200534.txt
FirewallRules: [TCP Query User{7A6DF521-2ED5-4313-B348-1EAFA2B65D8A}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D05B6EBA-87C0-437D-A8DB-D94A11A4D716}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{CB95628F-95C1-440F-B49D-A03B8EDA41D7}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{EBB052C9-0761-4FA9-8F11-F513A4901ECA}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
EmptyTemp:
  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log in your Downloads folder (Fixlog.txt). Please copy and paste the contents into your reply.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 jstyle711


Posted 01 May 2017 - 08:12 PM

Thanks for your help. While we're at it, I'm also having issues with my system going through a systems update loop. During boot up, it will state that it's configuring systems update and it will error out and restart only to try and install updates once again. This loop happens several times and can cause my bootup (SSD) to range anywhere from 2 mins to 10 mins. Let me know if you're able to address this as well.

 

See below for the fixlog data:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
Ran by jtreez (01-05-2017 17:46:34) Run:1
Running from C:\Users\jtreez\Downloads
Loaded Profiles: jtreez (Available Profiles: jtreez)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Run: [AceStream] => C:\Users\jtreez\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Users\jtreez\AppData\Roaming\ACEStream
Startup: C:\Users\jtreez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk [2017-01-24]
ShortcutTarget: Launch Jawbone Updater.lnk -> C:\Program Files (x86)\Jawbone\LaunchJU.exe (No File)
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2104928586-2285902241-1069930802-1001 -> {F0699874-9A7B-40E0-B1A7-76D2862A65D3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin HKU\S-1-5-21-2104928586-2285902241-1069930802-1001: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\jtreez\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
File: C:\cab_5296_2
File: C:\cab_1276_12
2017-03-30 18:21 - 2015-10-27 20:57 - 00000000 ____D C:\Users\jtreez\AppData\Roaming\.ACEStream
File: C:\Users\jtreez\AppData\Local\WiDiLog.20151012.193842.txt
File: C:\Users\jtreez\AppData\Local\WiDiLog.20151012.195426.wdl
CMD: type C:\Users\jtreez\AppData\Local\WiDiLog.20151012.200534.txt
FirewallRules: [TCP Query User{7A6DF521-2ED5-4313-B348-1EAFA2B65D8A}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D05B6EBA-87C0-437D-A8DB-D94A11A4D716}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{CB95628F-95C1-440F-B49D-A03B8EDA41D7}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{EBB052C9-0761-4FA9-8F11-F513A4901ECA}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AceStream => value not found.
C:\Users\jtreez\AppData\Roaming\ACEStream => moved successfully
C:\Users\jtreez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk => moved successfully
C:\Program Files (x86)\Jawbone\LaunchJU.exe => not found.
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0699874-9A7B-40E0-B1A7-76D2862A65D3} => key removed successfully
HKCR\CLSID\{F0699874-9A7B-40E0-B1A7-76D2862A65D3} => key not found. 
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value not found.
C:\Users\jtreez\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => key removed successfully
HKU\S-1-5-21-2104928586-2285902241-1069930802-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.6 => key not found. 
C:\Users\jtreez\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
 
========================= File: C:\cab_5296_2 ========================
 
File not signed
MD5: 
Creation and modification date: 2017-04-25 21:35 - 2017-04-25 21:39
Size: 114633361
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\cab_1276_12 ========================
 
File not signed
MD5: 0409599E17FF19DC985EF7ED76CCE968
Creation and modification date: 2017-04-22 03:19 - 2017-04-22 03:20
Size: 32964087
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
C:\Users\jtreez\AppData\Roaming\.ACEStream => moved successfully
 
========================= File: C:\Users\jtreez\AppData\Local\WiDiLog.20151012.193842.txt ========================
 
File not signed
MD5: 9FB06134699B5CCF7A57600F69CDA004
Creation and modification date: 2015-10-12 19:38 - 2015-10-12 19:45
Size: 0015580
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\Users\jtreez\AppData\Local\WiDiLog.20151012.195426.wdl ========================
 
File not signed
MD5: 555465F9C9A556FFFAEAD4AD0537CB11
Creation and modification date: 2015-10-12 19:54 - 2015-10-12 19:55
Size: 0055100
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========= type C:\Users\jtreez\AppData\Local\WiDiLog.20151012.200534.txt =========
 
=====================================================
Log set to file on 12.10.2015, at 20:05:34:307
Executable: C:\Users\jtreez\AppData\Local\Temp\sef1BE9.tmp\WiDiBootLoader.exe
Compile time : Apr 19 2012 17:39:25
ProcessID: 0x19a4
WiDi Build Version # 3.1.29.0
=====================================================
ClientProcessor: failed to cancel synchIO - retCode = 0x490
<<[LogServer: Stop]
LogServer: stopping the logsvr
 
========= End of CMD: =========
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7A6DF521-2ED5-4313-B348-1EAFA2B65D8A}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D05B6EBA-87C0-437D-A8DB-D94A11A4D716}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CB95628F-95C1-440F-B49D-A03B8EDA41D7}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EBB052C9-0761-4FA9-8F11-F513A4901ECA}C:\users\jtreez\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34429265 B
Java, Flash, Steam htmlcache => 1347 B
Windows/system/drivers => 216164825 B
Edge => 0 B
Chrome => 231865832 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558852 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
jtreez => 315510445 B
 
RecycleBin => 11193 B
EmptyTemp: => 824.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:48:15 ====


#7 garioch7


Posted 02 May 2017 - 06:21 AM

jstyle711:
 
Thank you for the fixlog.txt.  That looks good.
 
I think that your Windows update issue is related to the lack of free space on the OS drive.  Windows requires normally around ten to fifteen percent free space on the OS drive to function properly.
 
I am still awaiting information as to whether you know what these files are?  They are consuming your hard disk space.  I am not familiar with them; or, what program creates them. 
 
 

2017-04-25 21:35 - 2017-04-25 21:39 - 114633361 _____ C:\cab_5296_2
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_6
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_5
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_4
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_3
2017-04-25 21:30 - 2017-04-25 21:34 - 114633361 _____ C:\cab_5188_2
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_6
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_5
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_4
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 _____ C:\cab_5188_3
2017-04-22 03:21 - 2017-04-22 03:23 - 114633361 _____ C:\cab_1156_7
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_9
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_8
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_11
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_10
2017-04-22 03:19 - 2017-04-22 03:20 - 32964087 _____ C:\cab_1276_12
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_16
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_15
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_14
2017-04-22 03:19 - 2017-04-22 03:19 - 00000000 _____ C:\cab_1276_13
-----
2015-10-23 17:10 - 2015-10-23 18:25 - 1961378 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.171020.wdl
2015-10-23 18:25 - 2015-10-23 18:27 - 0352626 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.182550.wdl
2015-10-24 14:21 - 2015-10-25 11:18 - 9185557 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151024.142134.wdl
2015-10-31 12:22 - 2015-10-31 12:58 - 0965867 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151031.122227.wdl
2015-10-31 13:09 - 2015-10-31 15:05 - 2002130 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151031.130932.wdl
2015-11-01 20:43 - 2015-11-01 23:46 - 2648162 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151101.194317.wdl
2015-11-04 21:38 - 2015-11-04 22:13 - 0738954 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151104.203846.wdl
2015-11-05 18:33 - 2015-11-05 23:58 - 2782098 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151105.173332.wdl
2015-11-07 13:12 - 2015-11-07 22:30 - 8100967 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151107.121210.wdl
2015-11-08 15:52 - 2015-11-08 16:07 - 0511372 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151108.145248.wdl
2015-11-12 20:17 - 2015-11-12 20:22 - 0425865 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151112.191733.wdl
2015-11-23 21:01 - 2015-11-23 23:42 - 2529365 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151123.200117.wdl

 
If you don't know what they are, then I would suggest that you image (backup) all partitions on your Drive 0 and we can attempt trying to delete them.  I am wondering if they might be related to some of the P2P activity that you seem to be involved in.  Could they be download files?  See this link for information on .wdl files.
 
I checked one of those files.  It made reference to this executable: WiDiBootLoader.exe.  I am guessing that your gaming might be creating log files and downloading those cab files to your computer.
 
Please let me know.  We need to stop whatever it is that is consuming your hard disk space.
 
Let's run a couple of other scans to see if anything turns up.
 
.
 
 
Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.


Step 2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 garioch7


Posted 02 May 2017 - 02:01 PM

jstyle711:

I have done some more research and also consulted with one of the very senior and knowledgeable instructors here about your issues.

.

Step 1: Please run a FRST "Fix" for me.

IMPORTANT: Before running this "fixlist.txt" script, please image (backup) all partitions on your primary hard drive (Drive 0). I am going to delete those "cab" files and .wdl/.txt files on your computer. FRST is supposed to "quarantine" them, but one can never be too careful!

I was made aware of one article describing how Windows can generate such "cab" files, when it malfunctions. You can consult this link for more information.

 

.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE: It is important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CMD delete C:\Users\jtreez\AppData\Local\WiDiLog*.wdl /F /Q
CMD delete C:\Users\jtreez\AppData\Local\WiDiLog*.txt /F /Q
CreateRestorePoint:
Folder: C:\TEMP
File: C:\NFS\BIN\NFS.EXE
Folder: C:\Windows\Logs\CBS
CMD: delete C:\cab_????_? /F /Q
CMD: delete C:\cab_????_?? /F /Q
  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste the contents into your reply.

.


This "fixlist.txt" script should free up considerable space on your hard drive, but the question is for how long? If your computer is a "victim" of that "bug" described in the link that I referenced above, your free space will rapidly diminish again. If your drive starts to refill with such files, then at least we have an indicator as to what is going on.

Please do not use your P2P software until I give you the "All Clear". Part of the FRST "fixlist.txt" will check your CBS folder to see what is in there as I am trying to determine if what is causing these "cab" files to be generated is the same cause/bug described in the link I reference above.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
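
The file listing in post #7 and the wildcard deletions in the post #8 fixlist can be checked against each other before anything is deleted. The Python below is an added example, not part of the thread or of FRST: it parses listing lines in the format shown, totals the space per file family, and reports any `cab_` file the two fixlist patterns would miss. The function names and the grouping by the first number in the file name are assumptions made for this example.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# A subset of the listing lines quoted in post #7, embedded so the example runs offline.
SAMPLE_LISTING = r"""
2017-04-25 21:35 - 2017-04-25 21:39 - 114633361 _____ C:\cab_5296_2
2017-04-25 21:35 - 2017-04-25 21:35 - 00000000 _____ C:\cab_5296_6
2017-04-25 21:30 - 2017-04-25 21:34 - 114633361 _____ C:\cab_5188_2
2017-04-22 03:21 - 2017-04-22 03:23 - 114633361 _____ C:\cab_1156_7
2017-04-22 03:21 - 2017-04-22 03:21 - 00000000 _____ C:\cab_1156_11
2017-04-22 03:19 - 2017-04-22 03:20 - 32964087 _____ C:\cab_1276_12
2015-10-23 17:10 - 2015-10-23 18:25 - 1961378 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151023.171020.wdl
2015-10-24 14:21 - 2015-10-25 11:18 - 9185557 _____ () C:\Users\jtreez\AppData\Local\WiDiLog.20151024.142134.wdl
"""

# The two wildcard patterns used for the cab files in the post #8 fixlist.
FIXLIST_PATTERNS = [r"C:\cab_????_?", r"C:\cab_????_??"]

# created - modified - size attributes [(company)] path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)


def parse_listing(text):
    """Return one dict per line that matches the listing format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),  # sizes are zero-padded decimal byte counts
                "path": m["path"],
            })
    return entries


def family(path):
    """Group files by naming scheme (hypothetical grouping for this example)."""
    name = path.rsplit("\\", 1)[-1]
    m = re.fullmatch(r"cab_(\d+)_(\d+)", name, re.IGNORECASE)
    if m:
        return "cab_" + m.group(1)
    if name.lower().startswith("widilog."):
        return "WiDiLog"
    return "other"


def summarize(entries):
    """Per family: number of files, total bytes, and count of zero-byte files."""
    stats = defaultdict(lambda: {"files": 0, "bytes": 0, "empty": 0})
    for e in entries:
        s = stats[family(e["path"])]
        s["files"] += 1
        s["bytes"] += e["size"]
        if e["size"] == 0:
            s["empty"] += 1
    return dict(stats)


def uncovered(entries, patterns=FIXLIST_PATTERNS):
    """List cab_ files that none of the wildcard patterns match.

    Each '?' is read strictly as exactly one character; cmd.exe can treat a
    trailing '?' as optional, so this is the conservative reading.
    """
    missed = []
    for e in entries:
        if not family(e["path"]).startswith("cab_"):
            continue
        p = e["path"].lower()  # Windows paths are case-insensitive
        if not any(fnmatchcase(p, pat.lower()) for pat in patterns):
            missed.append(e["path"])
    return missed


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for name, s in sorted(summarize(parsed).items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{name:10} files={s['files']} empty={s['empty']} MB={s['bytes'] / 1e6:.1f}")
    print("cab files not matched by the fixlist patterns:", uncovered(parsed) or "none")
```

Running the same check on a fresh listing after the fix shows whether new `cab_` files are appearing and whether their names still fit the patterns.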


#9 jstyle711


Posted 03 May 2017 - 11:18 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01
Ran by jtreez (03-05-2017 21:17:25) Run:2
Running from C:\Users\jtreez\Downloads
Loaded Profiles: jtreez (Available Profiles: jtreez)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD delete C:\Users\jtreez\AppData\Local\WiDiLog*.wdl /F /Q
CMD delete C:\Users\jtreez\AppData\Local\WiDiLog*.txt /F /Q
CreateRestorePoint:
Folder: C:\TEMP
File: C:\NFS\BIN\NFS.EXE
Folder: C:\Windows\Logs\CBS
CMD: delete C:\cab_????_? /F /Q
CMD: delete C:\cab_????_?? /F /Q
*****************
 
CMD delete C:\Users\jtreez\AppData\Local\WiDiLog*.wdl /F /Q => Error: No automatic fix found for this entry.
CMD delete C:\Users\jtreez\AppData\Local\WiDiLog*.txt /F /Q => Error: No automatic fix found for this entry.
Restore point was successfully created.
 
========================= Folder: C:\TEMP ========================
 
2017-04-09 10:37 - 2017-04-09 10:37 - 0000232 _____ () C:\TEMP\MSI3edf6.LOG
2017-04-13 20:57 - 2017-04-13 20:57 - 0000520 _____ () C:\TEMP\MSI3fbaf.LOG
2017-04-13 17:45 - 2017-04-13 17:45 - 0000234 _____ () C:\TEMP\MSI400da.LOG
2017-04-13 17:45 - 2017-04-13 17:45 - 0000234 _____ () C:\TEMP\MSI4030c.LOG
2017-04-13 17:45 - 2017-04-13 17:45 - 0000234 _____ () C:\TEMP\MSI40492.LOG
2017-04-27 21:11 - 2017-04-27 21:11 - 0000524 _____ () C:\TEMP\MSI40577.LOG
2017-04-18 19:57 - 2017-04-18 19:57 - 0000520 _____ () C:\TEMP\MSI4082c.LOG
2017-04-25 21:07 - 2017-04-25 21:07 - 0000524 _____ () C:\TEMP\MSI41910.LOG
2017-04-10 21:17 - 2017-04-10 21:17 - 0000234 _____ () C:\TEMP\MSI41a4a.LOG
2017-04-03 18:48 - 2017-04-03 18:48 - 0000520 _____ () C:\TEMP\MSI42615.LOG
2017-04-20 20:57 - 2017-04-20 20:57 - 0000522 _____ () C:\TEMP\MSI43071.LOG
2017-04-10 21:17 - 2017-04-10 21:17 - 0000234 _____ () C:\TEMP\MSI45621.LOG
2017-04-17 20:57 - 2017-04-17 20:57 - 0000520 _____ () C:\TEMP\MSI45718.LOG
2017-04-14 10:57 - 2017-04-14 10:57 - 0000520 _____ () C:\TEMP\MSI45744.LOG
2017-03-30 22:48 - 2017-03-30 22:48 - 0000522 _____ () C:\TEMP\MSI45a79.LOG
2017-04-08 22:48 - 2017-04-08 22:48 - 0000520 _____ () C:\TEMP\MSI469a5.LOG
2017-04-03 22:48 - 2017-04-03 22:48 - 0000518 _____ () C:\TEMP\MSI48b21.LOG
2017-04-10 21:18 - 2017-04-10 21:18 - 0000234 _____ () C:\TEMP\MSI4ade2.LOG
2017-04-10 21:18 - 2017-04-10 21:18 - 0000234 _____ () C:\TEMP\MSI4b042.LOG
2017-04-10 21:18 - 2017-04-10 21:18 - 0000234 _____ () C:\TEMP\MSI4b216.LOG
2017-04-15 09:52 - 2017-04-15 09:52 - 0000232 _____ () C:\TEMP\MSI4c38c.LOG
2017-04-15 09:52 - 2017-04-15 09:52 - 0000232 _____ () C:\TEMP\MSI4c5dd.LOG
2017-04-02 19:48 - 2017-04-02 19:48 - 0000520 _____ () C:\TEMP\MSI4c881.LOG
2017-04-15 09:52 - 2017-04-15 09:52 - 0000232 _____ () C:\TEMP\MSI4c995.LOG
2017-04-01 23:36 - 2017-04-01 23:36 - 0000520 _____ () C:\TEMP\MSI4d622.LOG
2017-04-14 17:57 - 2017-04-14 17:57 - 0000522 _____ () C:\TEMP\MSI4d8bb.LOG
2017-04-20 17:28 - 2017-04-20 17:28 - 0000234 _____ () C:\TEMP\MSI4db8a.LOG
2017-04-20 17:28 - 2017-04-20 17:28 - 0000234 _____ () C:\TEMP\MSI4de38.LOG
2017-04-20 17:28 - 2017-04-20 17:28 - 0000234 _____ () C:\TEMP\MSI4e00c.LOG
2017-04-21 22:57 - 2017-04-21 22:57 - 0000522 _____ () C:\TEMP\MSI4ed66.LOG
2017-04-09 11:48 - 2017-04-09 11:48 - 0000518 _____ () C:\TEMP\MSI4f8a1.LOG
2017-04-15 15:12 - 2017-04-15 15:12 - 0000520 _____ () C:\TEMP\MSI4f9aa.LOG
2017-04-07 23:48 - 2017-04-07 23:48 - 0000518 _____ () C:\TEMP\MSI50406.LOG
2017-04-21 22:52 - 2017-04-21 22:52 - 0000522 _____ () C:\TEMP\MSI509b.LOG
2017-04-07 18:28 - 2017-04-07 18:28 - 0000520 _____ () C:\TEMP\MSI54045.LOG
2017-04-09 18:48 - 2017-04-09 18:48 - 0000520 _____ () C:\TEMP\MSI5630f.LOG
2017-04-15 00:57 - 2017-04-15 00:57 - 0000520 _____ () C:\TEMP\MSI56393.LOG
2017-04-15 22:12 - 2017-04-15 22:12 - 0000522 _____ () C:\TEMP\MSI570c4.LOG
2017-04-15 13:57 - 2017-04-15 13:57 - 0000520 _____ () C:\TEMP\MSI575a0.LOG
2017-04-15 16:57 - 2017-04-15 16:57 - 0000520 _____ () C:\TEMP\MSI5876a.LOG
2017-05-02 19:43 - 2017-05-02 19:43 - 0000520 _____ () C:\TEMP\MSI5bf32.LOG
2017-04-16 18:57 - 2017-04-16 18:57 - 0000522 _____ () C:\TEMP\MSI5c8c5.LOG
2017-03-31 19:48 - 2017-03-31 19:48 - 0000520 _____ () C:\TEMP\MSI5d7ca.LOG
2017-04-01 10:48 - 2017-04-01 10:48 - 0000518 _____ () C:\TEMP\MSI5dc0d.LOG
2017-04-07 20:48 - 2017-04-07 20:48 - 0000520 _____ () C:\TEMP\MSI5eda6.LOG
2017-04-04 22:48 - 2017-04-04 22:48 - 0000518 _____ () C:\TEMP\MSI5f589.LOG
2017-04-13 18:57 - 2017-04-13 18:57 - 0000520 _____ () C:\TEMP\MSI607ce.LOG
2017-04-15 23:57 - 2017-04-15 23:57 - 0000522 _____ () C:\TEMP\MSI62620.LOG
2017-04-27 18:36 - 2017-04-27 18:36 - 0000524 _____ () C:\TEMP\MSI64abe.LOG
2017-04-03 16:48 - 2017-04-03 16:48 - 0000520 _____ () C:\TEMP\MSI6500f.LOG
2017-04-20 18:57 - 2017-04-20 18:57 - 0000522 _____ () C:\TEMP\MSI65684.LOG
2017-03-30 20:48 - 2017-03-30 20:48 - 0000522 _____ () C:\TEMP\MSI67038.LOG
2017-04-17 18:57 - 2017-04-17 18:57 - 0000520 _____ () C:\TEMP\MSI6781d.LOG
2017-04-06 21:48 - 2017-04-06 21:48 - 0000518 _____ () C:\TEMP\MSI6829a.LOG
2017-04-03 21:48 - 2017-04-03 21:48 - 0000518 _____ () C:\TEMP\MSI686cc.LOG
2017-04-08 20:48 - 2017-04-08 20:48 - 0000520 _____ () C:\TEMP\MSI69998.LOG
2017-04-08 17:12 - 2017-04-08 17:12 - 0000520 _____ () C:\TEMP\MSI6a3b.LOG
2017-04-13 17:48 - 2017-04-13 17:48 - 0000518 _____ () C:\TEMP\MSI6ca9e.LOG
2017-04-02 17:48 - 2017-04-02 17:48 - 0000518 _____ () C:\TEMP\MSI6d451.LOG
2017-04-19 19:57 - 2017-04-19 19:57 - 0000520 _____ () C:\TEMP\MSI6e84e.LOG
2017-04-02 00:48 - 2017-04-02 00:48 - 0000518 _____ () C:\TEMP\MSI6f048.LOG
2017-04-14 15:57 - 2017-04-14 15:57 - 0000522 _____ () C:\TEMP\MSI6fd68.LOG
2017-04-16 09:57 - 2017-04-16 09:57 - 0000518 _____ () C:\TEMP\MSI75a6f.LOG
2017-04-07 22:48 - 2017-04-07 22:48 - 0000514 _____ () C:\TEMP\MSI77be.LOG
2017-04-14 22:57 - 2017-04-14 22:57 - 0000522 _____ () C:\TEMP\MSI7811f.LOG
2017-04-09 16:48 - 2017-04-09 16:48 - 0000520 _____ () C:\TEMP\MSI78701.LOG
2017-04-15 11:57 - 2017-04-15 11:57 - 0000520 _____ () C:\TEMP\MSI791d5.LOG
2017-04-20 21:57 - 2017-04-20 21:57 - 0000518 _____ () C:\TEMP\MSI7a36f.LOG
2017-04-21 22:43 - 2017-04-21 22:43 - 0000234 _____ () C:\TEMP\MSI7d69b.LOG
2017-04-26 21:57 - 2017-04-26 21:57 - 0000524 _____ () C:\TEMP\MSI7dcf7.LOG
2017-04-21 22:43 - 2017-04-21 22:43 - 0000522 _____ () C:\TEMP\MSI7de49.LOG
2017-04-21 22:43 - 2017-04-21 22:43 - 0000234 _____ () C:\TEMP\MSI7e403.LOG
2017-04-16 16:57 - 2017-04-16 16:57 - 0000522 _____ () C:\TEMP\MSI7e99b.LOG
2017-04-21 22:43 - 2017-04-21 22:43 - 0000234 _____ () C:\TEMP\MSI7e9fc.LOG
2017-04-21 22:43 - 2017-04-21 22:43 - 0000234 _____ () C:\TEMP\MSI7f7d1.LOG
2017-04-16 16:05 - 2017-04-16 16:05 - 0000522 _____ () C:\TEMP\MSI800b3.LOG
2017-04-03 23:36 - 2017-04-03 23:36 - 0000232 _____ () C:\TEMP\MSI804a.LOG
2017-04-05 01:10 - 2017-04-05 01:10 - 0000230 _____ () C:\TEMP\MSI80fb0.LOG
2017-04-07 18:48 - 2017-04-07 18:48 - 0000520 _____ () C:\TEMP\MSI8154f.LOG
2017-04-05 01:10 - 2017-04-05 01:10 - 0000230 _____ () C:\TEMP\MSI8176d.LOG
2017-04-04 20:48 - 2017-04-04 20:48 - 0000518 _____ () C:\TEMP\MSI8209c.LOG
2017-04-02 14:48 - 2017-04-02 14:48 - 0000520 _____ () C:\TEMP\MSI8429b.LOG
2017-04-08 17:12 - 2017-04-08 17:12 - 0000232 _____ () C:\TEMP\MSI8605.LOG
2017-04-05 01:11 - 2017-04-05 01:11 - 0000230 _____ () C:\TEMP\MSI87094.LOG
2017-04-01 00:48 - 2017-04-01 00:48 - 0000518 _____ () C:\TEMP\MSI87517.LOG
2017-04-03 23:36 - 2017-04-03 23:36 - 0000232 _____ () C:\TEMP\MSI877a.LOG
2017-03-31 17:49 - 2017-03-31 17:49 - 0000518 _____ () C:\TEMP\MSI87925.LOG
2017-04-03 14:48 - 2017-04-03 14:48 - 0000520 _____ () C:\TEMP\MSI87de0.LOG
2017-04-22 04:57 - 2017-04-22 04:57 - 0000518 _____ () C:\TEMP\MSI881cd.LOG
2017-03-30 18:48 - 2017-03-30 18:48 - 0000522 _____ () C:\TEMP\MSI895cf.LOG
2017-04-05 22:48 - 2017-04-05 22:48 - 0000518 _____ () C:\TEMP\MSI89cad.LOG
2017-04-05 01:11 - 2017-04-05 01:11 - 0000230 _____ () C:\TEMP\MSI89e29.LOG
2017-04-06 19:48 - 2017-04-06 19:48 - 0000518 _____ () C:\TEMP\MSI8aed6.LOG
2017-04-08 18:48 - 2017-04-08 18:48 - 0000520 _____ () C:\TEMP\MSI8bdc9.LOG
2017-04-03 12:29 - 2017-04-03 12:29 - 0000520 _____ () C:\TEMP\MSI8c2d9.LOG
2017-05-03 18:47 - 2017-05-03 18:47 - 0000520 _____ () C:\TEMP\MSI8db06.LOG
2017-04-21 22:44 - 2017-04-21 22:44 - 0000234 _____ () C:\TEMP\MSI8dbba.LOG
2017-04-21 22:44 - 2017-04-21 22:44 - 0000234 _____ () C:\TEMP\MSI8ddeb.LOG
2017-04-21 22:44 - 2017-04-21 22:44 - 0000234 _____ () C:\TEMP\MSI8df81.LOG
2017-04-05 01:11 - 2017-04-05 01:11 - 0000230 _____ () C:\TEMP\MSI8e508.LOG
2017-04-17 23:04 - 2017-04-17 23:04 - 0000234 _____ () C:\TEMP\MSI8e63f.LOG
2017-04-05 01:11 - 2017-04-05 01:11 - 0000230 _____ () C:\TEMP\MSI8e70b.LOG
2017-04-05 01:11 - 2017-04-05 01:11 - 0000230 _____ () C:\TEMP\MSI8e881.LOG
2017-04-17 23:05 - 2017-04-17 23:05 - 0000234 _____ () C:\TEMP\MSI8f9fe.LOG
2017-04-13 23:40 - 2017-04-13 23:40 - 0000234 _____ () C:\TEMP\MSI8fa3c.LOG
2017-04-17 23:05 - 2017-04-17 23:05 - 0000234 _____ () C:\TEMP\MSI8fb36.LOG
2017-04-10 21:48 - 2017-04-10 21:48 - 0000522 _____ () C:\TEMP\MSI8fd7.LOG
2017-04-02 15:48 - 2017-04-02 15:48 - 0000518 _____ () C:\TEMP\MSI901f4.LOG
2017-04-17 23:05 - 2017-04-17 23:05 - 0000234 _____ () C:\TEMP\MSI90505.LOG
2017-04-03 12:29 - 2017-04-03 12:29 - 0000232 _____ () C:\TEMP\MSI90777.LOG
2017-05-01 20:25 - 2017-05-01 20:25 - 0000518 _____ () C:\TEMP\MSI908f7.LOG
2017-04-03 12:29 - 2017-04-03 12:29 - 0000232 _____ () C:\TEMP\MSI90fa1.LOG
2017-04-19 17:57 - 2017-04-19 17:57 - 0000520 _____ () C:\TEMP\MSI911cb.LOG
2017-04-05 22:49 - 2017-04-05 22:49 - 0000232 _____ () C:\TEMP\MSI917d5.LOG
2017-04-13 23:40 - 2017-04-13 23:40 - 0000234 _____ () C:\TEMP\MSI91809.LOG
2017-04-13 23:40 - 2017-04-13 23:40 - 0000234 _____ () C:\TEMP\MSI91941.LOG
2017-04-05 22:49 - 2017-04-05 22:49 - 0000232 _____ () C:\TEMP\MSI91f73.LOG
2017-04-13 23:40 - 2017-04-13 23:40 - 0000234 _____ () C:\TEMP\MSI922a3.LOG
2017-04-14 13:57 - 2017-04-14 13:57 - 0000520 _____ () C:\TEMP\MSI92c32.LOG
2017-04-14 21:57 - 2017-04-14 21:57 - 0000522 _____ () C:\TEMP\MSI93a4.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI95c9c.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI95f79.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI96092.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI961f8.LOG
2017-04-09 10:43 - 2017-04-09 10:43 - 0000516 _____ () C:\TEMP\MSI96344.LOG
2017-04-08 17:21 - 2017-04-08 17:21 - 0000520 _____ () C:\TEMP\MSI96922.LOG
2017-05-01 21:04 - 2017-05-01 21:04 - 0000516 _____ () C:\TEMP\MSI96e3c.LOG
2017-04-14 09:53 - 2017-04-14 09:53 - 0000516 _____ () C:\TEMP\MSI96f45.LOG
2017-04-15 09:57 - 2017-04-15 09:57 - 0000516 _____ () C:\TEMP\MSI96ff1.LOG
2017-05-03 19:58 - 2017-05-03 19:58 - 0000516 _____ () C:\TEMP\MSI97158.LOG
2017-04-01 10:00 - 2017-04-01 10:00 - 0000516 _____ () C:\TEMP\MSI97416.LOG
2017-04-16 09:24 - 2017-04-16 09:24 - 0000516 _____ () C:\TEMP\MSI9754e.LOG
2017-04-05 22:49 - 2017-04-05 22:49 - 0000232 _____ () C:\TEMP\MSI977fe.LOG
2017-04-09 15:48 - 2017-04-09 15:48 - 0000520 _____ () C:\TEMP\MSI9793.LOG
2017-04-19 17:40 - 2017-04-19 17:40 - 0000518 _____ () C:\TEMP\MSI97b66.LOG
2017-04-17 17:16 - 2017-04-17 17:16 - 0000518 _____ () C:\TEMP\MSI97cdc.LOG
2017-04-06 18:39 - 2017-04-06 18:39 - 0000516 _____ () C:\TEMP\MSI9a13e.LOG
2017-04-14 20:57 - 2017-04-14 20:57 - 0000522 _____ () C:\TEMP\MSI9a427.LOG
2017-04-05 22:49 - 2017-04-05 22:49 - 0000232 _____ () C:\TEMP\MSI9a600.LOG
2017-04-09 14:48 - 2017-04-09 14:48 - 0000518 _____ () C:\TEMP\MSI9a90f.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI9aa3e.LOG
2017-04-05 21:22 - 2017-04-05 21:22 - 0000516 _____ () C:\TEMP\MSI9ab4c.LOG
2017-04-03 12:30 - 2017-04-03 12:30 - 0000232 _____ () C:\TEMP\MSI9abff.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI9ac70.LOG
2017-03-30 23:29 - 2017-03-30 23:29 - 0000234 _____ () C:\TEMP\MSI9ae82.LOG
2017-04-15 10:57 - 2017-04-15 10:57 - 0000520 _____ () C:\TEMP\MSI9b75.LOG
2017-04-22 01:57 - 2017-04-22 01:57 - 0000520 _____ () C:\TEMP\MSI9b94f.LOG
2017-04-17 23:05 - 2017-04-17 23:05 - 0000234 _____ () C:\TEMP\MSI9c113.LOG
2017-04-17 23:05 - 2017-04-17 23:05 - 0000234 _____ () C:\TEMP\MSI9c306.LOG
2017-04-17 23:05 - 2017-04-17 23:05 - 0000234 _____ () C:\TEMP\MSI9c46d.LOG
2017-04-08 17:12 - 2017-04-08 17:12 - 0000232 _____ () C:\TEMP\MSI9d1d.LOG
2017-04-05 22:50 - 2017-04-05 22:50 - 0000232 _____ () C:\TEMP\MSI9eb2a.LOG
2017-04-05 22:50 - 2017-04-05 22:50 - 0000232 _____ () C:\TEMP\MSI9ed2d.LOG
2017-04-05 22:50 - 2017-04-05 22:50 - 0000232 _____ () C:\TEMP\MSI9ee94.LOG
2017-04-13 23:41 - 2017-04-13 23:41 - 0000234 _____ () C:\TEMP\MSI9f0ab.LOG
2017-04-13 23:41 - 2017-04-13 23:41 - 0000234 _____ () C:\TEMP\MSI9f29e.LOG
2017-04-13 23:41 - 2017-04-13 23:41 - 0000234 _____ () C:\TEMP\MSI9f3f5.LOG
2017-04-03 12:30 - 2017-04-03 12:30 - 0000232 _____ () C:\TEMP\MSIa017e.LOG
2017-04-26 19:57 - 2017-04-26 19:57 - 0000524 _____ () C:\TEMP\MSIa0230.LOG
2017-04-04 18:30 - 2017-04-04 18:30 - 0000516 _____ () C:\TEMP\MSIa0c9d.LOG
2017-04-09 21:48 - 2017-04-09 21:48 - 0000520 _____ () C:\TEMP\MSIa2eba.LOG
2017-04-15 19:57 - 2017-04-15 19:57 - 0000522 _____ () C:\TEMP\MSIa5556.LOG
2017-04-04 18:48 - 2017-04-04 18:48 - 0000518 _____ () C:\TEMP\MSIa5a6f.LOG
2017-03-31 22:48 - 2017-03-31 22:48 - 0000522 _____ () C:\TEMP\MSIa8ead.LOG
2017-04-16 21:57 - 2017-04-16 21:57 - 0000522 _____ () C:\TEMP\MSIa9589.LOG
2017-04-03 12:48 - 2017-04-03 12:48 - 0000520 _____ () C:\TEMP\MSIaa368.LOG
2017-03-31 17:51 - 2017-03-31 17:51 - 0000518 _____ () C:\TEMP\MSIaa756.LOG
2017-04-30 11:03 - 2017-04-30 11:03 - 0000524 _____ () C:\TEMP\MSIaaa91.LOG
2017-04-22 02:57 - 2017-04-22 02:57 - 0000520 _____ () C:\TEMP\MSIaac0.LOG
2017-04-18 18:20 - 2017-04-18 18:20 - 0000518 _____ () C:\TEMP\MSIaac16.LOG
2017-04-03 12:31 - 2017-04-03 12:31 - 0000232 _____ () C:\TEMP\MSIac375.LOG
2017-04-03 12:31 - 2017-04-03 12:31 - 0000232 _____ () C:\TEMP\MSIac836.LOG
2017-04-01 13:48 - 2017-04-01 13:48 - 0000518 _____ () C:\TEMP\MSIaca54.LOG
2017-04-03 12:31 - 2017-04-03 12:31 - 0000232 _____ () C:\TEMP\MSIacaf4.LOG
2017-04-02 14:51 - 2017-04-02 14:51 - 0000520 _____ () C:\TEMP\MSIad72c.LOG
2017-04-25 20:57 - 2017-04-25 20:57 - 0000234 _____ () C:\TEMP\MSIae737.LOG
2017-04-13 21:57 - 2017-04-13 21:57 - 0000520 _____ () C:\TEMP\MSIaf7ca.LOG
2017-04-18 20:57 - 2017-04-18 20:57 - 0000520 _____ () C:\TEMP\MSIafa0a.LOG
2017-04-27 21:01 - 2017-04-27 21:01 - 0000524 _____ () C:\TEMP\MSIb002a.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIb148a.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIb169c.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIb1890.LOG
2017-04-03 19:48 - 2017-04-03 19:48 - 0000520 _____ () C:\TEMP\MSIb1ae0.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIb1b5d.LOG
2017-04-25 20:58 - 2017-04-25 20:58 - 0000524 _____ () C:\TEMP\MSIb3882.LOG
2017-04-17 21:57 - 2017-04-17 21:57 - 0000522 _____ () C:\TEMP\MSIb3e7b.LOG
2017-04-14 11:57 - 2017-04-14 11:57 - 0000520 _____ () C:\TEMP\MSIb5043.LOG
2017-04-08 23:48 - 2017-04-08 23:48 - 0000520 _____ () C:\TEMP\MSIb6340.LOG
2017-04-25 20:58 - 2017-04-25 20:58 - 0000234 _____ () C:\TEMP\MSIb677d.LOG
2017-04-25 20:58 - 2017-04-25 20:58 - 0000234 _____ () C:\TEMP\MSIb6961.LOG
2017-04-25 20:58 - 2017-04-25 20:58 - 0000234 _____ () C:\TEMP\MSIb7f03.LOG
2017-05-01 17:39 - 2017-05-01 17:39 - 0000522 _____ () C:\TEMP\MSIb8327.LOG
2017-04-16 22:16 - 2017-04-16 22:16 - 0000234 _____ () C:\TEMP\MSIb9bfe.LOG
2017-04-16 22:16 - 2017-04-16 22:16 - 0000234 _____ () C:\TEMP\MSIba40a.LOG
2017-04-02 20:48 - 2017-04-02 20:48 - 0000520 _____ () C:\TEMP\MSIba45f.LOG
2017-04-16 22:16 - 2017-04-16 22:16 - 0000234 _____ () C:\TEMP\MSIba532.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIba7a5.LOG
2017-04-16 22:16 - 2017-04-16 22:16 - 0000234 _____ () C:\TEMP\MSIbb1b0.LOG
2017-04-26 19:24 - 2017-04-26 19:24 - 0000524 _____ () C:\TEMP\MSIbb47d.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIbb886.LOG
2017-04-30 11:04 - 2017-04-30 11:04 - 0000234 _____ () C:\TEMP\MSIbbb34.LOG
2017-04-14 18:57 - 2017-04-14 18:57 - 0000522 _____ () C:\TEMP\MSIbc71f.LOG
2017-04-01 23:26 - 2017-04-01 23:26 - 0000520 _____ () C:\TEMP\MSIbccfe.LOG
2017-04-09 12:48 - 2017-04-09 12:48 - 0000518 _____ () C:\TEMP\MSIbd52b.LOG
2017-04-21 23:57 - 2017-04-21 23:57 - 0000522 _____ () C:\TEMP\MSIbdf44.LOG
2017-04-08 00:48 - 2017-04-08 00:48 - 0000516 _____ () C:\TEMP\MSIbf9ca.LOG
2017-04-07 18:18 - 2017-04-07 18:18 - 0000520 _____ () C:\TEMP\MSIc28bf.LOG
2017-04-18 22:26 - 2017-04-18 22:26 - 0000234 _____ () C:\TEMP\MSIc37e6.LOG
2017-04-18 22:26 - 2017-04-18 22:26 - 0000234 _____ () C:\TEMP\MSIc42de.LOG
2017-04-18 22:26 - 2017-04-18 22:26 - 0000234 _____ () C:\TEMP\MSIc44a2.LOG
2017-04-20 17:36 - 2017-04-20 17:36 - 0000522 _____ () C:\TEMP\MSIc45a2.LOG
2017-04-18 22:26 - 2017-04-18 22:26 - 0000234 _____ () C:\TEMP\MSIc4f6b.LOG
2017-04-27 18:43 - 2017-04-27 18:43 - 0000524 _____ () C:\TEMP\MSIc502a.LOG
2017-04-09 19:48 - 2017-04-09 19:48 - 0000520 _____ () C:\TEMP\MSIc5193.LOG
2017-04-15 01:57 - 2017-04-15 01:57 - 0000520 _____ () C:\TEMP\MSIc6346.LOG
2017-04-16 22:17 - 2017-04-16 22:17 - 0000234 _____ () C:\TEMP\MSIc6d80.LOG
2017-04-16 22:17 - 2017-04-16 22:17 - 0000234 _____ () C:\TEMP\MSIc6f73.LOG
2017-04-16 22:17 - 2017-04-16 22:17 - 0000234 _____ () C:\TEMP\MSIc70ca.LOG
2017-04-10 21:26 - 2017-04-10 21:26 - 0000522 _____ () C:\TEMP\MSIc70d2.LOG
2017-04-07 18:18 - 2017-04-07 18:18 - 0000232 _____ () C:\TEMP\MSIc7181.LOG
2017-04-15 17:57 - 2017-04-15 17:57 - 0000520 _____ () C:\TEMP\MSIc7699.LOG
2017-04-07 18:18 - 2017-04-07 18:18 - 0000232 _____ () C:\TEMP\MSIc7baf.LOG
2017-05-02 20:43 - 2017-05-02 20:43 - 0000520 _____ () C:\TEMP\MSIcafaa.LOG
2017-03-31 20:48 - 2017-03-31 20:48 - 0000520 _____ () C:\TEMP\MSIcb5ca.LOG
2017-04-16 19:57 - 2017-04-16 19:57 - 0000522 _____ () C:\TEMP\MSIcbd70.LOG
2017-04-01 11:48 - 2017-04-01 11:48 - 0000518 _____ () C:\TEMP\MSIcc987.LOG
2017-04-25 21:00 - 2017-04-25 21:00 - 0000234 _____ () C:\TEMP\MSIcd904.LOG
2017-04-25 21:00 - 2017-04-25 21:00 - 0000234 _____ () C:\TEMP\MSIcdba3.LOG
2017-04-25 21:00 - 2017-04-25 21:00 - 0000234 _____ () C:\TEMP\MSIcdd77.LOG
2017-04-07 21:48 - 2017-04-07 21:48 - 0000520 _____ () C:\TEMP\MSIce06d.LOG
2017-04-04 23:48 - 2017-04-04 23:48 - 0000520 _____ () C:\TEMP\MSIce5f1.LOG
2017-04-13 19:57 - 2017-04-13 19:57 - 0000520 _____ () C:\TEMP\MSIcef21.LOG
2017-04-07 18:18 - 2017-04-07 18:18 - 0000232 _____ () C:\TEMP\MSIcf457.LOG
2017-04-18 18:57 - 2017-04-18 18:57 - 0000520 _____ () C:\TEMP\MSId09c0.LOG
2017-04-18 22:27 - 2017-04-18 22:27 - 0000234 _____ () C:\TEMP\MSId0f9e.LOG
2017-04-18 22:27 - 2017-04-18 22:27 - 0000234 _____ () C:\TEMP\MSId1191.LOG
2017-04-18 22:27 - 2017-04-18 22:27 - 0000234 _____ () C:\TEMP\MSId12e8.LOG
2017-04-03 17:48 - 2017-04-03 17:48 - 0000520 _____ () C:\TEMP\MSId3753.LOG
2017-04-07 18:19 - 2017-04-07 18:19 - 0000232 _____ () C:\TEMP\MSId4016.LOG
2017-05-01 21:43 - 2017-05-01 21:43 - 0000518 _____ () C:\TEMP\MSId40a8.LOG
2017-04-20 19:57 - 2017-04-20 19:57 - 0000522 _____ () C:\TEMP\MSId420c.LOG
2017-04-17 19:57 - 2017-04-17 19:57 - 0000520 _____ () C:\TEMP\MSId5f32.LOG
2017-03-30 21:48 - 2017-03-30 21:48 - 0000522 _____ () C:\TEMP\MSId5f96.LOG
2017-04-14 09:57 - 2017-04-14 09:57 - 0000516 _____ () C:\TEMP\MSId64da.LOG
2017-04-06 22:48 - 2017-04-06 22:48 - 0000518 _____ () C:\TEMP\MSId8b14.LOG
2017-04-08 21:48 - 2017-04-08 21:48 - 0000520 _____ () C:\TEMP\MSId91cd.LOG
2017-04-03 21:48 - 2017-04-03 21:48 - 0000518 _____ () C:\TEMP\MSId9232.LOG
2017-04-03 23:37 - 2017-04-03 23:37 - 0000232 _____ () C:\TEMP\MSId9af.LOG
2017-04-07 18:19 - 2017-04-07 18:19 - 0000232 _____ () C:\TEMP\MSId9f45.LOG
2017-04-07 18:19 - 2017-04-07 18:19 - 0000232 _____ () C:\TEMP\MSIda54e.LOG
2017-04-07 18:19 - 2017-04-07 18:19 - 0000232 _____ () C:\TEMP\MSIda905.LOG
2017-04-02 18:48 - 2017-04-02 18:48 - 0000518 _____ () C:\TEMP\MSIdc362.LOG
2017-04-14 16:57 - 2017-04-14 16:57 - 0000522 _____ () C:\TEMP\MSIdea27.LOG
2017-04-09 10:48 - 2017-04-09 10:48 - 0000516 _____ () C:\TEMP\MSIdee54.LOG
2017-04-19 20:57 - 2017-04-19 20:57 - 0000520 _____ () C:\TEMP\MSIdf06a.LOG
2017-04-15 15:22 - 2017-04-15 15:22 - 0000520 _____ () C:\TEMP\MSIe0f7b.LOG
2017-05-02 19:35 - 2017-05-02 19:35 - 0000520 _____ () C:\TEMP\MSIe4217.LOG
2017-04-14 23:57 - 2017-04-14 23:57 - 0000522 _____ () C:\TEMP\MSIe6f93.LOG
2017-04-09 17:48 - 2017-04-09 17:48 - 0000520 _____ () C:\TEMP\MSIe740e.LOG
2017-04-15 12:57 - 2017-04-15 12:57 - 0000520 _____ () C:\TEMP\MSIe7b3a.LOG
2017-04-15 22:22 - 2017-04-15 22:22 - 0000522 _____ () C:\TEMP\MSIe994b.LOG
2017-04-15 15:57 - 2017-04-15 15:57 - 0000520 _____ () C:\TEMP\MSIe9ae9.LOG
2017-04-26 22:57 - 2017-04-26 22:57 - 0000524 _____ () C:\TEMP\MSIecea6.LOG
2017-05-01 17:43 - 2017-05-01 17:43 - 0000522 _____ () C:\TEMP\MSIed5a9.LOG
2017-04-16 17:57 - 2017-04-16 17:57 - 0000522 _____ () C:\TEMP\MSIeda8f.LOG
2017-03-31 18:48 - 2017-03-31 18:48 - 0000520 _____ () C:\TEMP\MSIedf28.LOG
2017-04-07 19:48 - 2017-04-07 19:48 - 0000520 _____ () C:\TEMP\MSIf00d7.LOG
2017-04-04 21:48 - 2017-04-04 21:48 - 0000518 _____ () C:\TEMP\MSIf07ff.LOG
2017-04-26 20:57 - 2017-04-26 20:57 - 0000524 _____ () C:\TEMP\MSIf085.LOG
2017-04-13 17:57 - 2017-04-13 17:57 - 0000518 _____ () C:\TEMP\MSIf19a7.LOG
2017-04-15 22:57 - 2017-04-15 22:57 - 0000522 _____ () C:\TEMP\MSIf2832.LOG
2017-04-16 00:42 - 2017-04-16 00:42 - 0000232 _____ () C:\TEMP\MSIf50e8.LOG
2017-04-16 00:42 - 2017-04-16 00:42 - 0000232 _____ () C:\TEMP\MSIf5961.LOG
2017-04-16 00:42 - 2017-04-16 00:42 - 0000232 _____ () C:\TEMP\MSIf5a89.LOG
2017-04-16 00:42 - 2017-04-16 00:42 - 0000232 _____ () C:\TEMP\MSIf6478.LOG
2017-04-03 15:48 - 2017-04-03 15:48 - 0000520 _____ () C:\TEMP\MSIf66b9.LOG
2017-04-20 17:57 - 2017-04-20 17:57 - 0000522 _____ () C:\TEMP\MSIf75b7.LOG
2017-04-17 17:57 - 2017-04-17 17:57 - 0000520 _____ () C:\TEMP\MSIf89a9.LOG
2017-03-30 19:48 - 2017-03-30 19:48 - 0000522 _____ () C:\TEMP\MSIf8b93.LOG
2017-04-06 20:48 - 2017-04-06 20:48 - 0000518 _____ () C:\TEMP\MSIf9da8.LOG
2017-04-08 19:48 - 2017-04-08 19:48 - 0000520 _____ () C:\TEMP\MSIfbb88.LOG
2017-04-02 16:48 - 2017-04-02 16:48 - 0000518 _____ () C:\TEMP\MSIfeb69.LOG
2017-04-19 18:57 - 2017-04-19 18:57 - 0000520 _____ () C:\TEMP\MSIffd81.LOG
 
====== End of Folder: ======
 
 
========================= File: C:\NFS\BIN\NFS.EXE ========================
 
"C:\NFS\BIN\NFS.EXE" => not found.
====== End of File: ======
 
 
========================= Folder: C:\Windows\Logs\CBS ========================
 
2009-07-28 22:10 - 2017-05-03 19:54 - 2763425 _____ () C:\Windows\Logs\CBS\CBS.log
2009-07-28 22:10 - 2016-11-13 23:19 - 40391556 _____ () C:\Windows\Logs\CBS\CbsPersist_20161115041447.cab
2009-07-28 22:10 - 2016-11-18 20:09 - 34349794 _____ () C:\Windows\Logs\CBS\CbsPersist_20161119172420.cab
2009-07-28 22:10 - 2016-12-06 23:30 - 103192514 _____ () C:\Windows\Logs\CBS\CbsPersist_20161208054236.cab
2009-07-28 22:10 - 2016-12-08 00:44 - 17134630 _____ () C:\Windows\Logs\CBS\CbsPersist_20161209052137.cab
2009-07-28 22:10 - 2016-12-14 22:16 - 64054004 _____ () C:\Windows\Logs\CBS\CbsPersist_20161215072726.cab
2009-07-28 22:10 - 2017-04-14 09:42 - 4096131753 _____ () C:\Windows\Logs\CBS\CbsPersist_20170414214952.log
2009-07-28 22:10 - 2017-05-01 20:36 - 2108027928 _____ () C:\Windows\Logs\CBS\CbsPersist_20170503023452.log
2016-10-23 22:37 - 2016-10-24 19:07 - 0608730 _____ () C:\Windows\Logs\CBS\DeepClean.log
2016-04-14 22:52 - 2017-05-01 17:55 - 0000296 _____ () C:\Windows\Logs\CBS\FilterList.log
 
====== End of Folder: ======
 
 
========= delete C:\cab_????_? /F /Q =========
 
'delete' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= delete C:\cab_????_?? /F /Q =========
 
'delete' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
==== End of Fixlog 21:17:57 ====
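
An added example, not part of the original posts or of FRST: a short Python parser for the FRST "Folder:" listing format in the fixlog above, totalling bytes per folder so the files that actually consume disk space stand out. The sample lines are constructed from entries in this log, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the FRST "Folder:" listing format, using entries
# copied from the fixlog above (two C:\TEMP lines, four CBS lines).
SAMPLE = r"""
========================= Folder: C:\TEMP ========================

2017-04-16 00:43 - 2017-04-16 00:43 - 0000232 _____ () C:\TEMP\MSI32be.LOG
2017-04-09 20:48 - 2017-04-09 20:48 - 0000520 _____ () C:\TEMP\MSI34016.LOG

====== End of Folder: ======

========================= Folder: C:\Windows\Logs\CBS ========================

2009-07-28 22:10 - 2017-05-03 19:54 - 2763425 _____ () C:\Windows\Logs\CBS\CBS.log
2009-07-28 22:10 - 2017-04-14 09:42 - 4096131753 _____ () C:\Windows\Logs\CBS\CbsPersist_20170414214952.log
2009-07-28 22:10 - 2017-05-01 20:36 - 2108027928 _____ () C:\Windows\Logs\CBS\CbsPersist_20170503023452.log
2016-04-14 22:52 - 2017-05-01 17:55 - 0000296 _____ () C:\Windows\Logs\CBS\FilterList.log

====== End of Folder: ======
"""

# One listing entry: created - modified - size attributes (company) path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>.+)$"
)


def parse_listing(text):
    """Return one dict per file entry; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])  # sizes are zero-padded bytes
            entries.append(entry)
    return entries


def usage_by_folder(entries):
    """Map each parent folder to (file_count, total_bytes)."""
    totals = defaultdict(lambda: [0, 0])
    for entry in entries:
        # ntpath splits Windows paths correctly on any host OS
        folder = ntpath.dirname(entry["path"])
        totals[folder][0] += 1
        totals[folder][1] += entry["size"]
    return {folder: tuple(value) for folder, value in totals.items()}


def largest(entries, n=3):
    """Return the n biggest files, largest first."""
    return sorted(entries, key=lambda e: e["size"], reverse=True)[:n]


def human(num_bytes):
    """Format a byte count with binary units."""
    value = float(num_bytes)
    for unit in ("B", "KiB", "MiB", "GiB"):
        if value < 1024 or unit == "GiB":
            return f"{value:.1f} {unit}"
        value /= 1024


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    ranked = sorted(usage_by_folder(parsed).items(),
                    key=lambda item: item[1][1], reverse=True)
    for folder, (count, total) in ranked:
        print(f"{human(total):>12}  {count:>4} files  {folder}")
    print("Largest files:")
    for entry in largest(parsed):
        print(f"{human(entry['size']):>12}  {entry['path']}")
```

Run over a full fixlog, the per-folder totals separate many small files from a few very large ones before anything is deleted.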


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,331 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:31 AM

Posted 04 May 2017 - 01:06 PM

jstyle711:

Thank you for your post. I had a typo or two in my script and it failed to execute as I wanted it to. :(

Let's run another FRST "fixlist.txt" script and try again.

.

:step1: Please run a FRST fix for me. Please download the latest version of FRST from this link.

NOTE: It is important that both files, FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This "fixlist.txt" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

CMD: type C:\TEMP\MSI1060c.LOG
StartBatch:
@echo off
net stop TrustedInstaller > C:\Users\jtreez\Desktop\log.txt
del C:\Users\jtreez\AppData\Local\WiDiLog*.wdl /F /Q >> C:\Users\jtreez\Desktop\log.txt
del C:\Users\jtreez\AppData\Local\WiDiLog*.txt /F /Q >> C:\Users\jtreez\Desktop\log.txt
md C:\users\jtreez\cbslogs >> C:\Users\jtreez\Desktop\log.txt
move C:\Windows\Logs\CBS\*.* C:\Users\jtreez\cbslogs >> C:\Users\jtreez\Desktop\log.txt
del C:\Windows\Temp\*.cab /F /Q >> C:\Users\jtreez\Desktop\log.txt
del C:\cab_????_? /F /Q >> C:\Users\jtreez\Desktop\log.txt
del C:\cab_????_?? /F /Q >> C:\Users\jtreez\Desktop\log.txt
EndBatch:
Reboot:

  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Ctrl+y (Ctrl and Y keys at the same time).
  • A "fixlist.txt" file opens up, copy and paste the contents of the code box above into the file.
  • Press Ctrl+S to save the file. Close the "fixlist.txt" file.
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.
  • Also a file called "log.txt" will be created on your Desktop. Please open that file in Notepad and copy and paste the contents of that file into your next reply as well.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#11 garioch7

Posted 07 May 2017 - 06:20 AM

jstyle711:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#12 garioch7

Posted 09 May 2017 - 06:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#13 garioch7

Posted 11 May 2017 - 08:09 AM

jstyle711:

 

I received your PM and this topic has been reopened at your request. I understand all too well that "real life" gets in the way. :(  I would request that you do keep me posted when you expect to be unable to respond for a period longer than two days.  Thank you for your understanding.

 

Please run the requested "fixlist.txt" script in this post.

 

Please copy and paste the contents of the "fixlog.txt" file into your next reply.

 

Thank you and have a great day.

 

Regards,

-Phil




#14 jstyle711

Posted 11 May 2017 - 08:38 PM

Sorry about earlier, I'll make a note to check in next time.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by jtreez (11-05-2017 18:23:34) Run:4
Running from C:\Users\jtreez\Downloads
Loaded Profiles: jtreez (Available Profiles: jtreez)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:CMD: type C:\TEMP\MSI1060c.LOG
StartBatch:
@echo off
net stop TrustedInstaller > C:\Users\jtreez\Desktop\log.txt
del C:\Users\jtreez\AppData\Local\WiDiLog*.wdl /F /Q >> C:\Users\jtreez\Desktop\log.txt
del C:\Users\jtreez\AppData\Local\WiDiLog*.txt /F /Q >> C:\Users\jtreez\Desktop\log.txt
md C:\users\jtreez\cbslogs >> C:\Users\jtreez\Desktop\log.txt
move C:\Windows\Logs\CBS\*.* C:\Users\jtreez\cbslogs >> C:\Users\jtreez\Desktop\log.txt
del C:\Windows\Temp\*.cab /F /Q >> C:\Users\jtreez\Desktop\log.txt
del C:\cab_????_? /F /Q >> C:\Users\jtreez\Desktop\log.txt
del C:\cab_????_?? /F /Q >> C:\Users\jtreez\Desktop\log.txt
EndBatch:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= Batch: =========
System error 109 has occurred.
 
The pipe has been ended.
 
Could Not Find C:\Users\jtreez\AppData\Local\WiDiLog*.txt
A subdirectory or file C:\users\jtreez\cbslogs already exists.
Could Not Find C:\Windows\Temp\*.cab
Could Not Find C:\cab_????_?
Could Not Find C:\cab_????_??
 
========= End of Batch: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 18:24:08 ====


#15 garioch7

Posted 12 May 2017 - 10:38 AM

jstyle711:
 
Thank you for the fixlog.txt.  It appears that the FRST "fixlist.txt" script bombed again for some reason.

First, please create a restore point, if you can.
 
Would you next, please, if you feel comfortable doing so, navigate, using Windows Explorer, to the following folders, and manually try to delete the files specified below:
  • C:\TEMP Please delete all MSI*.LOG files. They are not necessary. The "*" means all files with the root name, followed by or preceding, any combination of letters or numbers.
  • C:\Users\jtreez\AppData\Local Please delete WiDiLog*.wdl files.
  • C:\Users\jtreez\AppData\Local Please delete WiDiLog*.txt files.
  • C:\Windows\Temp Please delete all files in that folder ending in .cab
  • Delete all .cab_*_* in the root folder of C:\
If you can't delete them because of permissions issues, please boot into Safe Mode and try to see if you can delete them in Safe Mode.

If you are not comfortable doing what I have asked above, please let me know and we will tackle the problem a different way. Different people have differing levels of computer skills.

.

Please let me know how you make out. Thank you and have a great day.

Regards,
-Phil
