Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

C drive temp files keep filling space, c drive says 0 bytes remain

Started by Spaghettio , Aug 11 2017 04:01 PM

  • Please log in to reply

#1
Spaghettio
Posted 11 August 2017 - 04:01 PM

Spaghettio

    New Member

  • Member
  • Pip
  • 4 posts
Hello ! I am a new user here and would like to see if I'd be able to get some help online before I ventured myself into the nearest computer repair shop.

The problem is that my windows temp files keep on filling up with these random folders and will result in my c drive having 0 bytes remaining and unable to operate programs until they are deleted. Even after deleting they seem to just keep coming back.. this is becoming quite annoying haha.

Any help in this area would be greatly appreciated, I tried running a virus scan and malware/ccleaner but still no luck.

I am also using windows 7.
  • 0

Advertisements

#2
RKinner
Posted 11 August 2017 - 04:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
 

  • 0

#3
Spaghettio
Posted 11 August 2017 - 06:39 PM

Spaghettio

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

 

 

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
 

 

 

<script src="/cdn-cgi/apps/head/WF48Gl3PKYxHrReiZymeg1SEI3M.js"></script>

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by Jesse James (administrator) on TEAMROCKET (11-08-2017 20:36:15)
Running from C:\Users\Jesse James\Downloads
Loaded Profiles: Jesse James (Available Profiles: Jesse James)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools\MMERefresh.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
() C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
(Farbar) C:\Users\Jesse James\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2016-06-28] (Avid Technology, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-08] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-07-31] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2526022703-1416302777-1080310249-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2526022703-1416302777-1080310249-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-07-31] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2016-09-15]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{81C8E52F-B069-4C0D-93D4-D8EE661F641C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{949CF8C9-9971-44A7-AA1E-422B7BB724C3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-08] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-08] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-06-05]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://lenovo13.msn.com/
CHR Profile: C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default [2017-08-11]
CHR Extension: (Google Slides) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-19]
CHR Extension: (Google Drive) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-19]
CHR Extension: (YouTube) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-19]
CHR Extension: (Adblock Plus) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-05]
CHR Extension: (Avast SafePrice) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-05]
CHR Extension: (Google Sheets) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (AdBlock) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-10]
CHR Extension: (Avast Online Security) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-19]
CHR Extension: (Chrome Media Router) - C:\Users\Jesse James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-08] (AVAST Software)
R2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2016-06-28] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [197632 2016-06-28] (Avid Technology, Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-08-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-07] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-08-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-08-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-08-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-08] (AVAST Software)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-07] (Malwarebytes)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [146368 2016-03-17] (Yamaha Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-11 20:36 - 2017-08-11 20:36 - 000013557 _____ C:\Users\Jesse James\Downloads\FRST.txt
2017-08-11 20:35 - 2017-08-11 20:36 - 000000000 ____D C:\FRST
2017-08-11 20:34 - 2017-08-11 20:35 - 002381824 _____ (Farbar) C:\Users\Jesse James\Downloads\FRST64 (1).exe
2017-08-11 20:33 - 2017-08-11 20:34 - 000539831 _____ C:\Users\Jesse James\Downloads\Unconfirmed 910982.crdownload
2017-08-10 19:32 - 2017-08-10 19:32 - 000000000 ____D C:\Users\Jesse James\AppData\Roaming\JAM Software
2017-08-10 19:32 - 2017-08-10 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2017-08-10 19:32 - 2017-08-10 19:32 - 000000000 ____D C:\Program Files (x86)\JAM Software
2017-08-10 19:31 - 2017-08-10 19:31 - 007471816 _____ (JAM Software ) C:\Users\Jesse James\Downloads\TreeSizeFreeSetup.exe
2017-08-07 20:42 - 2017-08-07 20:42 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-31 18:31 - 2017-07-31 18:31 - 000065096 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2017-07-31 18:31 - 2017-07-31 18:31 - 000035912 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2017-07-19 00:28 - 2017-06-30 00:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-19 00:28 - 2017-06-29 23:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-19 00:28 - 2017-06-29 22:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-19 00:28 - 2017-06-29 22:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-19 00:28 - 2017-06-29 22:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-19 00:28 - 2017-06-29 22:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-19 00:28 - 2017-06-29 22:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-19 00:28 - 2017-06-29 22:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-19 00:28 - 2017-06-29 22:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-19 00:28 - 2017-06-29 22:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-19 00:28 - 2017-06-29 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-19 00:28 - 2017-06-29 22:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-19 00:28 - 2017-06-29 22:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-19 00:28 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-19 00:28 - 2017-06-29 02:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-19 00:28 - 2017-06-29 02:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-19 00:28 - 2017-06-29 02:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-19 00:28 - 2017-06-29 02:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-19 00:28 - 2017-06-29 02:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-19 00:28 - 2017-06-29 02:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-19 00:28 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-19 00:28 - 2017-06-29 02:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-19 00:28 - 2017-06-29 01:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-19 00:28 - 2017-06-29 01:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-19 00:28 - 2017-06-29 01:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-19 00:28 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-19 00:28 - 2017-06-29 01:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-19 00:28 - 2017-06-29 01:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-19 00:28 - 2017-06-29 01:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-19 00:28 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-19 00:28 - 2017-06-29 01:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-19 00:28 - 2017-06-29 01:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-19 00:28 - 2017-06-29 01:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-19 00:28 - 2017-06-29 01:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-19 00:28 - 2017-06-29 01:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-19 00:28 - 2017-06-29 01:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-19 00:28 - 2017-06-29 01:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-19 00:28 - 2017-06-29 01:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-19 00:28 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-19 00:28 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-19 00:28 - 2017-06-29 01:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-19 00:28 - 2017-06-29 01:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-19 00:28 - 2017-06-29 01:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-19 00:28 - 2017-06-29 01:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-19 00:28 - 2017-06-29 01:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-19 00:28 - 2017-06-29 01:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-19 00:28 - 2017-06-29 01:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-19 00:28 - 2017-06-29 01:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-19 00:28 - 2017-06-29 01:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-19 00:28 - 2017-06-29 01:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-19 00:28 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-19 00:28 - 2017-06-29 01:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-19 00:28 - 2017-06-29 01:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-19 00:28 - 2017-06-29 01:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-19 00:28 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-19 00:28 - 2017-06-29 01:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-19 00:28 - 2017-06-29 01:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-19 00:28 - 2017-06-29 01:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-19 00:28 - 2017-06-29 01:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-19 00:28 - 2017-06-29 01:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-19 00:28 - 2017-06-29 01:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-19 00:28 - 2017-06-29 01:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-19 00:28 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-19 00:28 - 2017-06-29 00:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-19 00:28 - 2017-06-29 00:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-19 00:28 - 2017-06-29 00:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-19 00:28 - 2017-06-29 00:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-19 00:28 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-19 00:28 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-19 00:28 - 2017-06-29 00:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-19 00:28 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-19 00:28 - 2017-06-29 00:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-19 00:28 - 2017-06-29 00:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-19 00:28 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-19 00:28 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-19 00:28 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-19 00:28 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-19 00:28 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-19 00:28 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-19 00:28 - 2017-06-22 10:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-19 00:28 - 2017-06-15 16:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-19 00:28 - 2017-06-12 18:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-19 00:28 - 2017-06-12 18:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-19 00:28 - 2017-06-12 18:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-19 00:28 - 2017-06-12 18:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-19 00:28 - 2017-06-12 18:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-19 00:28 - 2017-06-12 18:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-19 00:28 - 2017-06-12 18:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-19 00:28 - 2017-06-12 18:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-19 00:28 - 2017-06-12 18:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-19 00:28 - 2017-06-12 18:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-19 00:28 - 2017-06-12 18:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-19 00:28 - 2017-06-12 18:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-19 00:28 - 2017-06-12 18:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-19 00:28 - 2017-06-12 18:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-19 00:28 - 2017-06-12 18:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-19 00:28 - 2017-06-12 18:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-19 00:28 - 2017-06-12 18:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-19 00:28 - 2017-06-12 18:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-19 00:28 - 2017-06-12 18:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-19 00:28 - 2017-06-12 18:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-19 00:28 - 2017-06-12 18:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-19 00:28 - 2017-06-12 18:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-19 00:28 - 2017-06-10 11:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-19 00:28 - 2017-06-10 11:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-19 00:28 - 2017-06-09 11:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-19 00:28 - 2017-06-06 11:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-19 00:28 - 2017-06-06 11:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-19 00:28 - 2017-05-30 00:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-19 00:28 - 2017-05-30 00:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-19 00:28 - 2017-05-30 00:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-19 00:28 - 2017-05-21 00:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-19 00:28 - 2017-05-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-19 00:28 - 2017-05-16 11:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-19 00:28 - 2017-05-16 11:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-19 00:28 - 2017-05-16 11:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-11 04:45 - 2009-07-14 00:45 - 000022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-11 04:45 - 2009-07-14 00:45 - 000022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-11 00:20 - 2017-06-05 13:08 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-11 00:19 - 2017-06-05 13:07 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-08-11 00:19 - 2017-06-05 13:07 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-08-11 00:19 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-08 01:05 - 2016-08-19 22:35 - 000002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 01:05 - 2016-08-19 22:35 - 000002186 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-07 21:10 - 2017-05-30 21:48 - 000000000 ____D C:\Users\Jesse James\Desktop\slave
2017-08-07 21:10 - 2016-09-08 23:09 - 000000000 ____D C:\Users\Public\Pro Tools
2017-08-07 21:10 - 2016-08-21 22:02 - 000000000 ____D C:\Users\Jesse James\Documents\BIAS_FX
2017-08-07 20:58 - 2009-07-14 01:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-07 20:43 - 2017-05-04 14:31 - 000003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1493922662
2017-08-07 20:42 - 2017-03-15 19:21 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-08-07 20:42 - 2017-03-15 19:21 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-08-07 20:42 - 2017-03-15 19:21 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-08-07 20:42 - 2017-03-15 19:21 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-08-07 20:42 - 2017-03-15 19:21 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-07 20:42 - 2017-01-22 18:59 - 000146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-07 20:42 - 2017-01-22 18:59 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150215297250403
2017-08-07 20:41 - 2017-01-27 01:50 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 20:41 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-19 03:54 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-07-19 03:26 - 2017-01-22 18:59 - 000146696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw308b21081dc7f922.tmp
2017-07-19 03:17 - 2009-07-14 00:45 - 000297928 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-19 03:16 - 2016-08-30 03:22 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-18 21:36 - 2017-01-27 01:50 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
 
==================== Files in the root of some directories =======
 
2014-01-08 11:00 - 2014-01-08 11:00 - 002387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2014-01-08 11:00 - 2014-01-08 11:00 - 001732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2016-08-21 22:02 - 2016-08-21 22:02 - 000000030 _____ () C:\Users\Jesse James\AppData\Roaming\.pgbiasfx
2016-09-15 16:30 - 2016-09-15 16:30 - 002708182 _____ () C:\Users\Jesse James\AppData\Roaming\AvidApplicationManager_Install.log
2016-11-17 14:51 - 2016-11-17 14:51 - 001174026 _____ () C:\Users\Jesse James\AppData\Roaming\AvidCloudClientServices_Install.log
2016-12-07 20:09 - 2016-12-15 19:22 - 000007605 _____ () C:\Users\Jesse James\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-11 00:56
 
==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by Jesse James (11-08-2017 20:36:41)
Running from C:\Users\Jesse James\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-08-19 04:24:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
09C9B4A818AB4093917E (S-1-5-21-2526022703-1416302777-1080310249-1003 - Limited - Enabled)
Administrator (S-1-5-21-2526022703-1416302777-1080310249-500 - Administrator - Disabled)
D697B567CB54471D9B3E (S-1-5-21-2526022703-1416302777-1080310249-1004 - Limited - Enabled)
Guest (S-1-5-21-2526022703-1416302777-1080310249-501 - Limited - Disabled)
Jesse James (S-1-5-21-2526022703-1416302777-1080310249-1000 - Administrator - Enabled) => C:\Users\Jesse James
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2526022703-1416302777-1080310249-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20093 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.9.13525 - Avid Technology, Inc.)
Avid BBD Delay (HKLM\...\{7166744A-A8B4-4F2E-B924-CAAE18B34C1B}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid Black Op Distortion (HKLM\...\{8D47277C-6703-42AB-8CA0-BFC373B0F336}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid Black Spring (HKLM\...\{0D565B7E-FE8D-4337-86C3-A16D519E7DF2}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid Black/Shiny Wah (HKLM\...\{CD273B2B-C2EB-489B-A65A-DAE69AF372FA}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid C1 Chorus/Vibrato (HKLM\...\{F4FEC0E6-ADE9-478C-82BD-C5A4EACE7EBC}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid Cloud Client Services (HKLM\...\{C50DB2B2-B36E-402F-B19E-9F623F41A235}) (Version: 2.0.0.7380 - Avid Technology, Inc.)
Avid Codecs LE (HKLM-x32\...\{C8867EDE-69E9-422C-9E88-80CF5B897C4F}) (Version: 2.7.1.39060 - Avid Technology)
Avid DC Distortion (HKLM\...\{F6465C5D-6472-45EC-BC73-ED469EC58990}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid Effects (HKLM\...\{C7DB24AC-3016-45A3-AE71-790F09BFBFC3}) (Version: 12.5.2.511 - Avid Technology, Inc.)
Avid Gray Compressor (HKLM\...\{46EF7BCB-B69D-4B4F-B6EA-F6A6DA12F98B}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid Green JRC Overdrive (HKLM\...\{E02B86C6-76A8-4F39-A12D-1BDCB31B58DF}) (Version: 12.4.0.949 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 12.5.2.511 - Avid Technology, Inc.)
Avid Pro Tools (HKLM\...\{440A8FC5-DF1F-49F2-8936-227247138A34}) (Version: 12.5.2.511 - Avid Technology, Inc.)
Avid Studio Reverb (HKLM\...\{8A93FD75-EA02-418C-AE3A-468EAD06CCCE}) (Version: 12.4.0.949 - Avid Technology, Inc.)
BIAS FX Plugins Pack (64bit) (HKLM\...\{FD2DC480-F649-4602-947C-58CA3BC4FA9B}) (Version: 1.3.4.1335 - PositiveGrid)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.2 - Toontrack)
EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.1.4 - Toontrack)
First AIR Effects (HKLM\...\{FB2E34B9-90BF-44E1-BC1D-9AE1AC81BB65}) (Version: 12.0.0.615 - AIR Music Technology)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
PACE License Support Win64 (HKLM\...\{83E92696-D92D-4c7e-B094-0BE853B191FE}) (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{83E92696-D92D-4c7e-B094-0BE853B191FE}) (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SSD Sampler (HKLM-x32\...\SSD4) (Version: 1.1 - Yellow Matter Entertainment)
Toontrack Product Manager (HKLM-x32\...\{5BAE101A-4AF5-4FBA-99E6-1CE2825F8993}) (Version: 1.0.1 - Toontrack)
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
Waves Central V1.0.3.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}) (Version: 1.0.4 - Waves)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{64F338F0-1427-4D38-B30F-C6CB38C6B0D1}) (Version: 1.9.8 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{64F338F0-1427-4D38-B30F-C6CB38C6B0D1}) (Version: 1.9.8 - Yamaha Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-08] (AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-08] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-08] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-08] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {154EF538-DBAF-4A70-91FC-B89FF576C948} - System32\Tasks\SafeZone scheduled Autoupdate 1493922662 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {1F98A8C4-7E1C-4342-9712-A4A8D79244EE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-07] (AVAST Software)
Task: {2041CF82-CC54-48F7-BBBD-C22EBF00F389} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {559BF9B5-6824-4F04-8E48-37C2FF037CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19] (Google Inc.)
Task: {79E12EF3-D6ED-4E3D-85B7-194F445B2CEB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-19] (AVAST Software)
Task: {9CD9319E-F5DF-49CF-BC60-4BD1CD71AE0B} - System32\Tasks\SafeZone scheduled Autoupdate 1489785342 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {B3E3FF1E-849B-4885-B5AF-90F3FAF8E84B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {E19A4831-3DDA-43E7-BA56-B103D6E01AFD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E3DFCD4B-6861-45D6-9DE0-0EA3250A8A37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Jesse James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\Jesse James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\Jesse James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\Jesse James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-08-08 01:05 - 2017-08-02 03:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 01:05 - 2017-08-02 03:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2016-09-05 21:53 - 2016-09-05 21:53 - 000011776 _____ () C:\Program Files\Avid\Application Manager\libEGL.dll
2016-09-05 21:53 - 2016-09-05 21:53 - 002013696 _____ () C:\Program Files\Avid\Application Manager\libGLESv2.dll
2016-09-05 21:53 - 2016-09-05 21:53 - 000012288 _____ () C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
2015-08-12 16:15 - 2015-08-12 16:15 - 007803392 _____ () c:\program files\avid\application manager\jre\bin\server\jvm.dll
2017-08-11 20:35 - 2016-01-21 12:27 - 000008704 _____ () C:\Users\Jesse James\AppData\Local\Temp\AppMan_jetty-TEMP\webapp\resources\FTF_JNI.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-08-08 12:46 - 2017-08-08 12:46 - 005894008 _____ () C:\Program Files\AVAST Software\Avast\defs\17080802\algo.dll
2017-08-11 00:48 - 2017-08-11 00:48 - 005894008 _____ () C:\Program Files\AVAST Software\Avast\defs\17081000\algo.dll
2017-07-19 03:25 - 2017-07-19 03:25 - 001038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-08 18:30 - 2017-07-08 18:30 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2526022703-1416302777-1080310249-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesse James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{574EFD2B-716A-43AC-9C55-6F5280AAA8F2}] => (Allow) C:\Users\Jesse James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CDCE1C7-D084-4B79-91AE-9E902F562D41}] => (Allow) C:\Users\Jesse James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{027AA4F0-1B44-4464-A841-DFA8E287EC8D}] => (Allow) C:\Users\Jesse James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39F29061-5AA3-4DD4-B249-18BCD3770EC9}] => (Allow) C:\Users\Jesse James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6CFC459-E7BD-4550-A426-2AD16E36F17A}] => (Allow) C:\Users\Jesse James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{019E5959-2EC8-4EEE-BF0F-A2C48229D3B8}] => (Allow) C:\Users\Jesse James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{719768D7-9E34-4CD9-A5F4-494ABB5B7F3A}] => (Allow) C:\Program Files\Avid\Pro Tools\ProTools.exe
FirewallRules: [{6F9B441F-0385-4B1C-B18C-4FE85D4329F8}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{522401CF-9411-4589-B2BB-8D083CBC2955}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{9793F1B7-35C7-45E9-9AFF-D3646CF954AE}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{A55FAA27-52FC-485B-8E5C-BE6220B449CE}] => (Allow) C:\Program Files\Avid\Cloud Client Services\AssetCacheService.exe
FirewallRules: [{4966F4DB-7F0A-4307-AED0-AAC14F01F0B4}] => (Allow) C:\Program Files\Avid\Cloud Client Services\Hub.exe
FirewallRules: [{A61D7FC3-AE4F-4FB4-A805-90E054FE92D5}] => (Allow) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
FirewallRules: [{E05F7092-A104-495D-A7E6-DB061382DE92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38E4B36A-3467-4678-B261-D49F0BD3FAF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{06CCC0F3-5699-4060-97DF-DC118DCCB71D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7CCA345C-0712-4278-B143-97D4A3150F11}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1FFEE655-F7CD-4B73-9619-F48963FD3CD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{69CB22CA-9DAE-434F-B03D-5A49C9261DCA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{B9541DFE-C216-424C-A05D-A817B5399B53}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{E3F63F7B-B0A3-4E02-831F-F0ECCCC1821F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{3F3C2049-A0D1-4644-8809-66838B4591A7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{B76B1772-EAE5-45DC-8216-72C037FA0235}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2017 04:40:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\waves central\InstlRunner.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\waves central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/11/2017 04:40:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\GTR 3.5.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/11/2017 04:40:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\Element App.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/11/2017 04:40:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\CODEX App.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/11/2017 04:39:53 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/10/2017 04:06:08 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\waves central\InstlRunner.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\waves central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/10/2017 04:06:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\GTR 3.5.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/10/2017 04:06:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\Element App.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/10/2017 04:06:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\CODEX App.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/10/2017 04:05:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Waves Central\Waves Central.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\Waves Central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (08/11/2017 12:16:24 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (08/08/2017 04:13:41 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/07/2017 08:41:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:37:33 PM on ‎8/‎7/‎2017 was unexpected.
 
Error: (08/02/2017 07:10:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:07:55 PM on ‎8/‎2/‎2017 was unexpected.
 
Error: (07/29/2017 04:19:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:43:35 PM on ‎7/‎24/‎2017 was unexpected.
 
Error: (07/20/2017 07:15:51 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (07/19/2017 08:43:44 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (07/11/2017 07:18:34 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (07/08/2017 10:06:08 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/08/2017 10:28:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:21:34 AM on ‎7/‎8/‎2017 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 65%
Total physical RAM: 12247.08 MB
Available physical RAM: 4259.16 MB
Total Virtual: 24492.34 MB
Available Virtual: 18111.44 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:111.69 GB) (Free:0.19 GB) NTFS
Drive e: (Tank) (Fixed) (Total:465.39 GB) (Free:262.27 GB) exFAT
Drive z: (Audio) (Fixed) (Total:931.5 GB) (Free:883.29 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 52339428)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FAB7E4C0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 1B54B8D7)
 
Partition: GPT.
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
Spaghettio
Posted 11 August 2017 - 06:41 PM

Spaghettio

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

 

 

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
 

 

 

<script src="/cdn-cgi/apps/head/WF48Gl3PKYxHrReiZymeg1SEI3M.js"></script>

 

Thanks for your help, much appreciated! I pasted the files :)


  • 0

#5
RKinner
Posted 11 August 2017 - 09:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Which Temp folder is getting full?  What does a typical file in the Temp folder look like?

 

Error: (08/11/2017 04:40:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\waves central\InstlRunner.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\waves central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 

 

 

 
Apparently Wave Central is not happy.  Uninstall it.

  • 0

#6
Spaghettio
Posted 11 August 2017 - 09:30 PM

Spaghettio

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

 

Which Temp folder is getting full?  What does a typical file in the Temp folder look like?

 

Error: (08/11/2017 04:40:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\waves\applications\waves central\InstlRunner.exe".Error in manifest or policy file "c:\program files (x86)\waves\applications\waves central\WavesQtLibs_5.1.1_Win32_Release\WavesQtLibs_5.1.1_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
 

 

 

 
Apparently Wave Central is not happy.  Uninstall it.

 

 

 

 
 
C:\Users\Jesse James\AppData\Local\Temp
 
this is the folder that keeps on filling up
 
 
 
 
these are the kinds of files that are in the there folders and tmp files

 

e4j5E05.tmp

 

or folders like this : e4jF287.tmp_dir1502507787


Edited by Spaghettio, 11 August 2017 - 09:31 PM.

  • 0

#7
RKinner
Posted 12 August 2017 - 04:24 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you submit one of the tmp files to virustotal?

 

 
Easiest way to submit a file is to copy the path:
 
C:\Users\Jesse James\AppData\Local\Temp\e4j5E05.tmp
 
Then
Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with e4j5E05.tmp chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+ different anti-virus companies.  In either case, copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 

 

 

I don't see much in your logs. Do you know what you are doing when the tmp files start building up?  Playing a game, Printing?  Let's see if we can isolate the cause.

 

Search for

 

msconfig

 

hit Enter

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot. 
 
Now check  the temp folder.  Do you see any of the tmp files?
 
If not then one of the programs you unchecked is the source.  Go back into msconfig and recheck about 1/2 of what you unchecked OK and Reboot.  May take a while but eventually you will isolate it to one or two programs.  If that does not helpt then go back in and recheck everything OK and reboot.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP