
Malware limiting internet access.


  • This topic is locked
84 replies to this topic

#1 JONES113


Posted 16 August 2017 - 05:17 PM

My Windows 7 laptop is infected with something. It will not locate any wireless networks, and when I connect it to a wired connection it stays connected for maybe a minute before kicking me off and reconnecting (continuous cycle). I'm not sure what happened, but my phone connects to my wireless network fine. I got a popup in Internet Explorer saying my computer is blocked and to call this number to get it fixed. Any help would be appreciated. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by JONES13 LLC (administrator) on WORK (16-08-2017 18:00:30)
Running from C:\Users\JONES13 LLC\Desktop
Loaded Profiles: JONES13 LLC (Available Profiles: JONES13 LLC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_26_0_0_137_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886824 2015-03-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [1957888 2014-03-18] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Nuance Power PDF Standard-reminder] => "C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\Power PDF Standard\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [PowerPDF Registry Controller] => C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe [206288 2015-02-06] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [NuanPowerPdf1NPDFLM] => C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe [3452456 2015-02-06] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-05-18] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-15]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{5F2E024E-E2A1-4BFF-BF03-746F4056CAB0}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Nuance PDF Toolbar Helper -> {940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-11-18] (Zeon Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - Nuance PDF - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-11-18] (Zeon Corporation)
Toolbar: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF DefaultProfile: yxrdswjc.default
FF ProfilePath: C:\Users\JONES13 LLC\AppData\Roaming\Mozilla\Firefox\Profiles\yxrdswjc.default [2017-08-16]
FF Homepage: Mozilla\Firefox\Profiles\yxrdswjc.default -> hxxp://www.yahoo.com/
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll [2015-01-08] (Zeon Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1093136 2017-05-18] (Garmin Ltd. or its subsidiaries)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2014-02-09] (Gladinet, INC)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [329200 2016-07-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-11] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsla6797a0d; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{484E5942-F4C3-474C-B504-156E666199AD}\MpKsla6797a0d.sys [44928 2017-08-16] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 PSI; C:\windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RSP2STOR; C:\windows\System32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
S3 TXEIx64; C:\windows\System32\DRIVERS\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 18:00 - 2017-08-16 18:01 - 000016444 _____ C:\Users\JONES13 LLC\Desktop\FRST.txt
2017-08-16 18:00 - 2017-08-16 18:00 - 000000000 ____D C:\FRST
2017-08-16 17:55 - 2017-08-16 17:58 - 002395648 _____ (Farbar) C:\Users\JONES13 LLC\Desktop\FRST64.exe
2017-08-16 13:59 - 2017-08-16 14:48 - 003240733 _____ C:\Users\JONES13 LLC\Desktop\Robe Unit Leasehold.xlsx
2017-08-14 09:46 - 2017-07-29 10:56 - 000117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-08-14 09:46 - 2017-07-21 10:26 - 000518144 _____ C:\windows\SysWOW64\msjetoledb40.dll
2017-08-14 09:46 - 2017-07-21 10:26 - 000290816 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjtes40.dll
2017-08-14 09:46 - 2017-07-15 14:35 - 000394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-08-14 09:46 - 2017-07-15 13:52 - 000346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 002319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 002222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 002058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000486400 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2017-08-14 09:46 - 2017-07-14 11:29 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-08-14 09:46 - 2017-07-14 11:12 - 000591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-08-14 09:46 - 2017-07-14 11:12 - 000249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-08-14 09:46 - 2017-07-14 11:11 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-08-14 09:46 - 2017-07-14 11:10 - 001549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 001400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 001363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000382976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-08-14 09:46 - 2017-07-14 11:10 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-08-14 09:46 - 2017-07-14 11:00 - 000427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-08-14 09:46 - 2017-07-14 11:00 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-08-14 09:46 - 2017-07-14 10:57 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2017-08-14 09:46 - 2017-07-14 10:50 - 000054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2017-08-14 09:46 - 2017-07-14 10:50 - 000028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2017-08-14 09:46 - 2017-07-14 02:49 - 025733632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-08-14 09:46 - 2017-07-14 02:47 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-08-14 09:46 - 2017-07-14 02:45 - 000417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-08-14 09:46 - 2017-07-14 02:45 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-08-14 09:46 - 2017-07-14 02:44 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-08-14 09:46 - 2017-07-14 02:44 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-08-14 09:46 - 2017-07-14 02:38 - 002899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-08-14 09:46 - 2017-07-14 02:29 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-08-14 09:46 - 2017-07-14 02:28 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-08-14 09:46 - 2017-07-14 02:22 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-08-14 09:46 - 2017-07-14 02:20 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-08-14 09:46 - 2017-07-14 02:20 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-08-14 09:46 - 2017-07-14 02:19 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-08-14 09:46 - 2017-07-14 02:19 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-08-14 09:46 - 2017-07-14 02:08 - 000968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-08-14 09:46 - 2017-07-14 02:02 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-08-14 09:46 - 2017-07-14 01:49 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-08-14 09:46 - 2017-07-14 01:48 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-08-14 09:46 - 2017-07-14 01:47 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-08-14 09:46 - 2017-07-14 01:42 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-08-14 09:46 - 2017-07-14 01:40 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-08-14 09:46 - 2017-07-14 01:35 - 005981184 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-08-14 09:46 - 2017-07-14 01:35 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-08-14 09:46 - 2017-07-14 01:33 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-08-14 09:46 - 2017-07-14 01:16 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-08-14 09:46 - 2017-07-14 01:11 - 000725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-08-14 09:46 - 2017-07-14 01:10 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-08-14 09:46 - 2017-07-14 01:09 - 002132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-08-14 09:46 - 2017-07-14 01:09 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-08-14 09:46 - 2017-07-14 00:40 - 015254016 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-08-14 09:46 - 2017-07-14 00:23 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-08-14 09:46 - 2017-07-14 00:07 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-08-14 09:46 - 2017-07-13 23:58 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-08-14 09:46 - 2017-07-13 22:54 - 020270080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-08-14 09:46 - 2017-07-13 22:48 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-08-14 09:46 - 2017-07-13 22:48 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-08-14 09:46 - 2017-07-13 22:48 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-08-14 09:46 - 2017-07-13 22:48 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-08-14 09:46 - 2017-07-13 22:47 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-08-14 09:46 - 2017-07-13 22:44 - 002290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-08-14 09:46 - 2017-07-13 22:42 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-08-14 09:46 - 2017-07-13 22:41 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-08-14 09:46 - 2017-07-13 22:39 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-08-14 09:46 - 2017-07-13 22:38 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-08-14 09:46 - 2017-07-13 22:38 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-08-14 09:46 - 2017-07-13 22:38 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-08-14 09:46 - 2017-07-13 22:30 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-08-14 09:46 - 2017-07-13 22:26 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-14 09:46 - 2017-07-13 22:25 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-08-14 09:46 - 2017-07-13 22:25 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-08-14 09:46 - 2017-07-13 22:23 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-08-14 09:46 - 2017-07-13 22:22 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-08-14 09:46 - 2017-07-13 22:21 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-08-14 09:46 - 2017-07-13 22:20 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-08-14 09:46 - 2017-07-13 22:17 - 004546048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-08-14 09:46 - 2017-07-13 22:13 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-08-14 09:46 - 2017-07-13 22:12 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-08-14 09:46 - 2017-07-13 22:11 - 002057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-08-14 09:46 - 2017-07-13 22:11 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-08-14 09:46 - 2017-07-13 22:09 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-08-14 09:46 - 2017-07-13 21:53 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-08-14 09:46 - 2017-07-13 21:50 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-08-14 09:46 - 2017-07-13 21:48 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-08-14 09:46 - 2017-07-08 11:34 - 000370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2017-08-14 09:46 - 2017-07-08 11:00 - 003224064 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-08-14 09:46 - 2017-07-07 11:37 - 000631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-08-14 09:46 - 2017-07-07 11:33 - 005547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-08-14 09:46 - 2017-07-07 11:33 - 000706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-08-14 09:46 - 2017-07-07 11:33 - 000363752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys
2017-08-14 09:46 - 2017-07-07 11:33 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-08-14 09:46 - 2017-07-07 11:33 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-08-14 09:46 - 2017-07-07 11:31 - 001732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000149504 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-08-14 09:46 - 2017-07-07 11:29 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-08-14 09:46 - 2017-07-07 11:15 - 004001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-08-14 09:46 - 2017-07-07 11:15 - 003945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-08-14 09:46 - 2017-07-07 11:13 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000109568 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-08-14 09:46 - 2017-07-07 11:11 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-08-14 09:46 - 2017-07-07 11:10 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-08-14 09:46 - 2017-07-07 11:10 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-08-14 09:46 - 2017-07-07 11:10 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-08-14 09:46 - 2017-07-07 11:01 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-08-14 09:46 - 2017-07-07 10:58 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-08-14 09:46 - 2017-07-07 10:54 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-08-14 09:46 - 2017-07-07 10:54 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-08-14 09:46 - 2017-07-07 10:54 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-08-14 09:46 - 2017-07-07 10:53 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-08-14 09:46 - 2017-07-07 10:53 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-08-14 09:46 - 2017-07-01 09:05 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000866816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswdat10.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswstr10.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000616448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrepl40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000339968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000310272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000240640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msltus40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000144896 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjint40.dll
2017-08-14 09:46 - 2017-07-01 09:05 - 000083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjter40.dll
2017-08-14 09:45 - 2017-07-21 10:26 - 000409600 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexch40.dll
2017-08-14 09:45 - 2017-07-21 10:26 - 000282624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstext40.dll
2017-08-14 09:45 - 2017-07-14 10:59 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-08-14 09:45 - 2017-07-14 10:59 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-08-14 09:45 - 2017-07-14 03:16 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-08-14 09:45 - 2017-07-14 03:15 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-08-14 09:45 - 2017-07-13 23:01 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-08-14 09:45 - 2017-07-07 11:29 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:11 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-08-14 09:45 - 2017-07-07 11:11 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-08-14 09:45 - 2017-07-07 11:11 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-08-14 09:45 - 2017-07-07 11:11 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 11:02 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-08-14 09:45 - 2017-07-07 11:01 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-08-14 09:45 - 2017-07-07 11:01 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-08-14 09:45 - 2017-07-07 10:57 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-08-14 09:45 - 2017-07-07 10:51 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-08-14 09:45 - 2017-07-07 10:48 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-08-14 09:45 - 2017-07-07 10:48 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-08-14 09:45 - 2017-07-07 10:48 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-08-14 09:45 - 2017-07-07 10:48 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-08-14 09:45 - 2017-07-07 10:47 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-08-14 09:45 - 2017-07-07 10:47 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 10:47 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 10:47 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-14 09:45 - 2017-07-07 10:47 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-07-28 13:54 - 2017-07-28 13:54 - 000000000 ____D C:\ProgramData\Emsisoft
2017-07-17 08:23 - 2017-06-15 16:23 - 000753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-17 08:23 - 2017-06-12 18:49 - 001363456 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-17 08:23 - 2017-06-12 18:49 - 000594432 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-17 08:23 - 2017-06-12 18:49 - 000475136 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2017-07-17 08:23 - 2017-06-12 18:49 - 000058880 _____ (Microsoft Corporation) C:\windows\system32\pdhui.dll
2017-07-17 08:23 - 2017-06-12 18:29 - 001227264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-17 08:23 - 2017-06-12 18:29 - 000444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-17 08:23 - 2017-06-12 18:29 - 000390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-17 08:23 - 2017-06-12 18:28 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdhui.dll
2017-07-17 08:23 - 2017-06-12 18:14 - 000379392 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-17 08:23 - 2017-06-12 18:14 - 000172544 _____ (Microsoft Corporation) C:\windows\system32\perfmon.exe
2017-07-17 08:23 - 2017-06-12 18:14 - 000103936 _____ (Microsoft Corporation) C:\windows\system32\resmon.exe
2017-07-17 08:23 - 2017-06-12 18:06 - 000303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-17 08:23 - 2017-06-12 18:06 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\perfmon.exe
2017-07-17 08:23 - 2017-06-12 18:06 - 000103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\resmon.exe
2017-07-17 08:23 - 2017-06-10 11:59 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-17 08:23 - 2017-06-10 11:39 - 000271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-17 08:23 - 2017-06-09 11:33 - 001680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-17 08:23 - 2017-06-06 11:30 - 001867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-17 08:23 - 2017-06-06 11:12 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-17 08:23 - 2017-05-30 00:56 - 001895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2017-07-17 08:23 - 2017-05-30 00:56 - 000377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-17 08:23 - 2017-05-30 00:56 - 000287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2017-07-17 08:23 - 2017-05-21 00:24 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-07-17 08:23 - 2017-05-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-07-17 08:23 - 2017-05-16 11:35 - 000986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-07-17 08:23 - 2017-05-16 11:35 - 000265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-07-17 08:23 - 2017-05-16 11:30 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 18:02 - 2014-09-30 15:47 - 000000000 ____D C:\ProgramData\TEMP
2017-08-16 14:22 - 2014-10-01 16:10 - 000192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-16 13:55 - 2009-07-13 23:20 - 000000000 ____D C:\windows\system32\NDF
2017-08-16 13:50 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-16 13:50 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-16 13:42 - 2015-12-26 23:53 - 000000000 __SHD C:\Users\JONES13 LLC\IntelGraphicsProfiles
2017-08-16 13:40 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-16 09:41 - 2009-07-14 01:32 - 000000000 ____D C:\windows\system32\FxsTmp
2017-08-15 15:54 - 2009-07-14 01:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-15 15:54 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2017-08-15 15:13 - 2014-12-10 14:33 - 000000000 ____D C:\Users\JONES13 LLC\AppData\Local\CrashDumps
2017-08-14 15:23 - 2014-09-29 17:19 - 000000000 ____D C:\Users\JONES13 LLC\Desktop\JaSoN
2017-08-14 11:03 - 2015-05-25 10:12 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-14 11:01 - 2015-05-25 10:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-14 10:40 - 2016-02-29 10:19 - 000432112 _____ C:\windows\system32\FNTCACHE.DAT
2017-08-14 10:25 - 2014-05-20 06:45 - 000774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-08-14 10:17 - 2014-10-05 16:14 - 000000000 ____D C:\windows\system32\MRT
2017-08-14 10:12 - 2014-10-05 16:14 - 140394280 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-08-14 09:29 - 2014-10-30 10:07 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-14 09:26 - 2014-10-30 09:56 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-14 08:59 - 2017-06-28 08:31 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-08 04:25 - 2017-06-28 08:31 - 001493270 _____ C:\windows\ZAM_Guard.krnl.trace
2017-07-28 14:47 - 2014-12-22 20:10 - 000000000 ____D C:\windows\Minidump
2017-07-28 14:39 - 2017-06-28 08:32 - 000103098 _____ C:\windows\ZAM.krnl.trace
2017-07-28 13:54 - 2014-09-29 13:59 - 000000000 ____D C:\Users\JONES13 LLC
2017-07-17 13:08 - 2014-09-29 17:16 - 000000000 ____D C:\Users\JONES13 LLC\AppData\Local\Adobe
2017-07-17 13:05 - 2014-05-20 06:53 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-07-17 13:05 - 2014-05-20 06:53 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-17 13:04 - 2014-05-20 06:53 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-07-17 13:04 - 2014-05-20 06:53 - 000000000 ____D C:\windows\system32\Macromed
2017-07-17 12:52 - 2014-12-11 14:20 - 000000000 ____D C:\windows\system32\appraiser

==================== Files in the root of some directories =======

2014-09-18 06:59 - 2014-09-18 06:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\JONES13 LLC\adwcleaner_6.043.exe
C:\Users\JONES13 LLC\JRT.exe
C:\Users\JONES13 LLC\TFC.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-16 17:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by JONES13 LLC (16-08-2017 18:02:43)
Running from C:\Users\JONES13 LLC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-29 17:59:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4021497823-3032418622-2152258761-500 - Administrator - Disabled)
Guest (S-1-5-21-4021497823-3032418622-2152258761-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4021497823-3032418622-2152258761-1002 - Limited - Enabled)
JONES13 LLC (S-1-5-21-4021497823-3032418622-2152258761-1000 - Administrator - Enabled) => C:\Users\JONES13 LLC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANT Drivers Installer x64 (HKLM\...\{1B6B17C2-176C-433C-93F3-640D12825426}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.27 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (HKLM-x32\...\{BA007E03-72AE-4D2D-8A73-FA4B935D4015}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Garmin Express (HKLM-x32\...\{2f694ffe-66ec-4674-a32d-ec690281ca57}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BCEE507D-8D49-40FF-B437-70E3B9C2D51C}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{198E262D-8C4F-4131-91C7-1F81FB8688F1}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Net Deed Plotter (HKLM-x32\...\{1F9A5127-FAAE-4B93-BA26-74EA24116034}) (Version: 5.61 - Greenbrier Graphics, LLC) Hidden
Net Deed Plotter (HKLM-x32\...\Net Deed Plotter) (Version: 5.61 - Greenbrier Graphics, LLC)
Nuance Cloud Connector (HKLM-x32\...\{EAA35115-7313-496C-8EEC-A281CF95B876}) (Version: 3.2.1156 - Nuance Communications, Inc.)
Nuance Power PDF Hotfix-14219.939.14357 (HKLM-x32\...\{E462B5A4-C4A8-4128-BC3B-14885102B95A}) (Version: 1.00.14357 - Nuance Communications, Inc.)
Nuance Power PDF Standard (HKLM\...\{B43651AB-6285-4FEB-95A2-3450D63378A2}) (Version: 1.10.8423 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.53.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.13 - Toshiba Corporation)
TOSHIBA Battery Manager (HKLM\...\{22C02670-53B4-4DEC-8BFE-E09720DF2904}) (Version: 9.0.4.64 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.5.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.5.6401 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.15C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.55C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.2.6400 - Toshiba Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.2.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.14C - TOSHIBA CORPORATION)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.2.6401 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.0.1 - TOSHIBA)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JONES13 LLC\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JONES13 LLC\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JONES13 LLC\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JONES13 LLC\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021497823-3032418622-2152258761-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JONES13 LLC\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2014-02-09] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2014-02-09] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2014-02-09] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2014-02-09] (Gladinet, INC)
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [NPDF.ShellExtension] -> {03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => C:\Program Files (x86)\Nuance\Power PDF\ShellExt.dll [2015-02-06] (Nuance Communications, Inc.)
ContextMenuHandlers1: [Nuance.SMFCDirectShellExt] -> {B080A0B4-C3ED-4E09-B92C-66D5829AA764} => C:\Program Files (x86)\Nuance\Power PDF\bin\SDirectShellExt.dll [2015-01-08] (Zeon International Investment Corp. )
ContextMenuHandlers1: [tosBtShllExt] -> [CC]{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [Open With Gladinet] -> [CC]{81695C6B-C2CA-492F-951D-5469840B2098} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [tosBtShllExt] -> [CC]{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2016-07-07] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-4021497823-3032418622-2152258761-1000: [ SkyDriveEx] -> [CC]{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-4021497823-3032418622-2152258761-1000: [ SkyDriveEx] -> [CC]{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {354EAE48-ECB2-4130-9E6A-52A466B75C5F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {773F88E6-090E-49F4-A3ED-CF8028A38A84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A0A9C8D7-FF9C-4CEA-B171-C5FE626F176A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {AC7DB583-F754-4D09-AFCA-6C42FB107A62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {B257E2D2-143F-4F29-8328-5210CEFF88B3} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-05-18] ()
Task: {B5C5A4F9-704B-41D5-94D3-FE01FA9054F3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {CF8D45B6-AF7C-41C8-9D6B-D2F1EF93174A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {D0A18DC9-5A58-4921-9E19-4FB568B43C4D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {F4B36E4D-997B-414A-A59C-295B4074E037} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JONES13 LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB Book and Page Application.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 70944229.www.wetzelcountywv.us

==================== Loaded Modules (Whitelisted) ==============

2014-10-30 09:56 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-21 12:43 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-09 13:12 - 2014-02-09 13:12 - 000222544 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2010-12-15 18:19 - 2010-12-15 18:19 - 000124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2013-08-21 02:49 - 2013-08-21 02:49 - 000080264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-09 12:59 - 2014-02-09 12:59 - 000293200 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2014-02-09 13:00 - 2014-02-09 13:00 - 000080208 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2014-02-09 13:00 - 2014-02-09 13:00 - 000016720 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2015-06-09 09:55 - 2015-06-09 09:55 - 001635328 _____ () C:\Program Files (x86)\WOT\WOT.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:F9CFE070 [762]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JONES13 LLC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk => C:\windows\pss\Nuance Cloud Connector.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0DAEC057-0B62-4BF6-B99E-317F1AB0C696}C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{376881BF-B5FB-485D-BD08-79D6E0B0D2E7}C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F0984E2D-4F8E-4943-9DA3-B6FF5EB8A1BE}C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{837D861A-6F0E-4392-8129-12397B0D848F}C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jones13 llc\appdata\local\akamai\netsession_win.exe
FirewallRules: [{104CDCEB-681A-4623-8D3A-5324CFF4991D}] => (Allow) C:\Users\JONES13 LLC\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{CEE54AFF-5A4F-4C3C-9D9F-A18152385BB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E776B4E6-F9CC-4A7E-B746-6A81BAEB39F4}] => (Allow) LPort=2869
FirewallRules: [{E4C2858A-BE1D-4FA6-B53A-2985478338B5}] => (Allow) LPort=1900
FirewallRules: [{34357A14-5901-4991-80F5-C6E2BB656BC3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F1D140B2-F9F3-439F-8D5C-E6206A78FF27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ADDB5FF-FC49-4082-825E-5B1D959AE6FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AEA907B9-420F-445C-A7A5-1D27714D0EBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B1CA07C-0393-45A3-A803-1FEE764BDC64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{079CC9CA-9EA0-491C-A987-37B73A4943C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C8D8E56-6F56-4E50-8987-804CE5B3EC99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5764D26-55A8-4339-AF6C-B5ABE770B2EB}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{52E41205-D818-4064-84DF-8A703314696F}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{C763FC5F-6D47-4D46-8BD0-4EDD5E4D9C95}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{42417DB7-C909-4192-A891-AE1E5194982C}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{B69E948B-A17B-4A8B-8B63-E2937D88DD69}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{32CCCB11-BD06-471E-96F0-1EE15953FF15}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [TCP Query User{C6ED1A38-D62A-40A2-8122-687670FF0DD0}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Allow) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [UDP Query User{D35C1E33-AB77-4121-B5AC-5F02BE826D2F}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Allow) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [{C8064FB3-F306-4FD2-8775-4FF50A759DB1}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe
FirewallRules: [{C95316E6-50A5-450F-B181-F6781F1132BB}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe
FirewallRules: [{45C510C6-11FE-4521-B69D-53407CE8895C}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
FirewallRules: [{A60EC7AA-8D67-40FE-9466-5A3E550DF6E5}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
FirewallRules: [{1D994B91-7E38-4609-ADAC-94BE7308510C}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
FirewallRules: [{A9837D06-9A03-4B22-973E-22DA646F9B47}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
FirewallRules: [{527081EC-F631-4459-A844-D76BAAD918C7}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
FirewallRules: [{89CF3942-95FC-4C30-832A-409BEA25BCAF}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
FirewallRules: [{6F99B4BA-9E81-4170-BD2E-C3905DEADC74}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe
FirewallRules: [{703CE695-0157-45A0-9737-F491CE404124}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe
FirewallRules: [{4BE70737-2937-4D14-B927-2F99ED83917B}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

17-07-2017 07:54:58 Windows Update
17-07-2017 12:33:00 Windows Update
20-07-2017 15:04:53 Windows Update
25-07-2017 13:06:47 Windows Update
28-07-2017 13:33:19 Windows Update
01-08-2017 12:44:54 Windows Update
14-08-2017 09:39:06 Windows Update
14-08-2017 10:11:23 Windows Update

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2017 02:14:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18763 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 564

Start Time: 01d316b802396010

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/16/2017 01:42:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 03:12:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NuancePDF.exe, version: 1.1.0.4, time stamp: 0x5487a7f8
Faulting module name: ntdll.dll, version: 6.1.7601.23864, time stamp: 0x595fa490
Exception code: 0xc0000374
Fault offset: 0x000ce8fb
Faulting process id: 0x4f4
Faulting application start time: 0x01d315f9eeb173c9
Faulting application path: C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: be3c159d-81ed-11e7-8677-f8a963f632ff

Error: (08/15/2017 08:50:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18763 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1034

Start Time: 01d315c29853235c

Termination Time: 93

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/14/2017 02:28:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18763 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1630

Start Time: 01d3150c0161d98d

Termination Time: 1245

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/14/2017 10:41:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/14/2017 10:11:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl514176f5.

System Error:
The system cannot find the file specified.
.

Error: (08/14/2017 09:28:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/14/2017 09:09:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/14/2017 09:01:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (08/16/2017 05:24:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 117.8.0.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Search

 Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.13804.0&sig=117.8.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

 Signature Type: Network Inspection System

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 2.1.13804.0

 Error code: 0x80072ee7

 Error description: The server name or address could not be resolved

Error: (08/16/2017 05:24:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.249.1077.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Search

 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14003.0&avdelta=1.249.1077.0&asdelta=1.249.1077.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

 Signature Type: AntiSpyware

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 1.1.14003.0

 Error code: 0x80072ee7

 Error description: The server name or address could not be resolved

Error: (08/16/2017 05:24:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.249.1077.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Search

 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14003.0&avdelta=1.249.1077.0&asdelta=1.249.1077.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

 Signature Type: AntiVirus

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 1.1.14003.0

 Error code: 0x80072ee7

 Error description: The server name or address could not be resolved

Error: (08/16/2017 05:24:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.249.1077.0

 Update Source: Microsoft Update Server

 Update Stage: Search

 Source Path: http://www.microsoft.com

 Signature Type: AntiVirus

 Update Type: Full

 User: NT AUTHORITY\SYSTEM

 Current Engine Version:

 Previous Engine Version: 1.1.14003.0

 Error code: 0x8024402c

 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (08/16/2017 01:42:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (08/16/2017 01:42:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/16/2017 01:41:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (08/16/2017 01:41:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/16/2017 01:41:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (08/15/2017 11:07:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 63%
Total physical RAM: 3984.39 MB
Available physical RAM: 1472.71 MB
Total Virtual: 7966.96 MB
Available Virtual: 5573.12 MB

==================== Drives ================================

Drive c: (JONES13 LLC) (Fixed) (Total:454.8 GB) (Free:308.46 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F1A22395)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.5 GB) - (Type=17)

==================== End of Addition.txt ============================


Edited by hamluis, 16 August 2017 - 05:59 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:12 AM

Posted 20 August 2017 - 09:12 PM

Greetings JONES113 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:F9CFE070 [762]
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
Removeproxy:
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • MTB log
  • Attached System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 JONES113

Posted 21 August 2017 - 08:37 AM

Hi Gary, my name is Jason and I appreciate all of your help with this matter.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017

Ran by JONES13 LLC (21-08-2017 09:12:31) Run:1
Running from C:\Users\JONES13 LLC\Desktop
Loaded Profiles: JONES13 LLC (Available Profiles: JONES13 LLC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:F9CFE070 [762]
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
Removeproxy:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\TEMP => ":F9CFE070" ADS removed successfully.
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {D58FFFFE-325F-4E46-83C9-246E602803E7}.
Unable to cancel {FC37B286-C8F2-459C-B43A-C6542ACA1F78}.
Unable to cancel {171FB6FA-A73D-4E2A-A206-09E29DF239B7}.
0 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4021497823-3032418622-2152258761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54678879 B
Java, Flash, Steam htmlcache => 2046 B
Windows/system/drivers => 25498611 B
Edge => 0 B
Chrome => 0 B
Firefox => 74472816 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 33186 B
LocalService => 0 B
NetworkService => 75062874 B
JONES13 LLC => 337771605 B
 
RecycleBin => 5075603 B
EmptyTemp: => 554.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:14:10 ====
 
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by JONES13 LLC (administrator) on 21-08-2017 at 09:19:53
Running from "C:\Users\JONES13 LLC\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite C50-B Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Atheros AR956x Wireless Network Adapter = Wireless Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Work
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR956x Wireless Network Adapter
   Physical Address. . . . . . . . . : 64-5A-04-9C-06-9C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F8-A9-63-F6-32-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...64 5a 04 9c 06 9c ......Atheros AR956x Wireless Network Adapter
 11...f8 a9 63 f6 32 ff ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****
 
 
 

 




#4 Oh My!

Posted 21 August 2017 - 09:47 AM

Greetings Jason, nice to meet you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
2017-08-14 08:59 - 2017-06-28 08:31 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-08 04:25 - 2017-06-28 08:31 - 001493270 _____ C:\windows\ZAM_Guard.krnl.trace
2017-07-28 14:39 - 2017-06-28 08:32 - 000103098 _____ C:\windows\ZAM.krnl.trace
StartPowershell:
Get-BitsTransfer -AllUsers | select -ExpandProperty FileList  | Out-File C:\bits.txt
type C:\bits.txt
EndPowershell:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Updating Driver Through Device Manager

----------
  • Press Windows Key + R at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapters device by clicking the + sign
  • Individually right click on each of the below entries and select Update Driver

Atheros AR956x Wireless Network Adapter
Realtek PCIe FE Family Controller

  • Allow the computer to check Windows Update by selecting Yes, this time only then click Next
  • Select Install the software automatically (Recommended) then click Next
  • Reboot your computer and check for symptoms (if no driver was found and installed let me know)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Drivers update?
  • Update on Internet connectivity

Gary
 

#5 JONES113

Posted 21 August 2017 - 10:08 AM

Drivers were up to date and I still have no internet connectivity, I can't even see a list of wireless networks. Fixlog is below.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017

Ran by JONES13 LLC (21-08-2017 10:59:09) Run:2
Running from C:\Users\JONES13 LLC\Desktop
Loaded Profiles: JONES13 LLC (Available Profiles: JONES13 LLC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
2017-08-14 08:59 - 2017-06-28 08:31 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-08 04:25 - 2017-06-28 08:31 - 001493270 _____ C:\windows\ZAM_Guard.krnl.trace
2017-07-28 14:39 - 2017-06-28 08:32 - 000103098 _____ C:\windows\ZAM.krnl.trace
StartPowershell:
Get-BitsTransfer -AllUsers | select -ExpandProperty FileList  | Out-File C:\bits.txt
type C:\bits.txt
EndPowershell:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Zemana AntiMalware => moved successfully
C:\windows\ZAM_Guard.krnl.trace => moved successfully
C:\windows\ZAM.krnl.trace => moved successfully
 
========= Powershell: =========
 
 
========= End of Powershell: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:59:49 ====


#6 Oh My!

Posted 21 August 2017 - 11:24 AM

Please follow the steps again and instead of Updating Driver select Uninstall for both. Reboot and check your Internet.
Gary
 

#7 JONES113

Posted 21 August 2017 - 12:24 PM

Completed the steps provided and nothing has changed, no wireless access and the wired access is on and off repeatedly. 



#8 Oh My!

Posted 21 August 2017 - 12:53 PM

Please try this again. It didn't work the first time.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
StartPowershell:
Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Out-File C:\bits.txt
type C:\bits.txt
EndPowershell:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 

#9 JONES113

Posted 21 August 2017 - 01:00 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017

Ran by JONES13 LLC (21-08-2017 13:58:23) Run:4
Running from C:\Users\JONES13 LLC\Desktop
Loaded Profiles: JONES13 LLC (Available Profiles: JONES13 LLC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
StartPowershell:
Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Out-File C:\bits.txt
type C:\bits.txt
EndPowershell:
 
*****************
 
 
========= Powershell: =========
 
 
========= End of Powershell: =========
 
 
==== End of Fixlog 13:58:31 ====


#10 Oh My!

Posted 21 August 2017 - 01:09 PM

While I look into your Wireless Driver version please try this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
cmd: cd c:\
cmd: bitsadmin /List /allusers /verbose
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Edited by Oh My!, 21 August 2017 - 01:09 PM.

Gary
 

#11 JONES113

Posted 21 August 2017 - 01:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by JONES13 LLC (21-08-2017 14:13:36) Run:5
Running from C:\Users\JONES13 LLC\Desktop
Loaded Profiles: JONES13 LLC (Available Profiles: JONES13 LLC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
cmd: cd c:\
cmd: bitsadmin /List /allusers /verbose
 
*****************
 
 
========= cd c:\ =========
 
 
========= End of CMD: =========
 
 
========= bitsadmin /List /allusers /verbose =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Listed 0 job(s).
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:13:37 ====



#12 Oh My!

Posted 21 August 2017 - 01:21 PM

I am getting conflicting information from your reports. This is what we previously got but what you are currently providing is saying there are no pending jobs.
 

Unable to cancel {D58FFFFE-325F-4E46-83C9-246E602803E7}.
Unable to cancel {FC37B286-C8F2-459C-B43A-C6542ACA1F78}.
Unable to cancel {171FB6FA-A73D-4E2A-A206-09E29DF239B7}.
0 out of 3 jobs canceled.


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
cmd: Bitsadmin /Reset /Allusers
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 

#13 JONES113

Posted 21 August 2017 - 01:45 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017

Ran by JONES13 LLC (21-08-2017 14:43:56) Run:6
Running from C:\Users\JONES13 LLC\Desktop
Loaded Profiles: JONES13 LLC (Available Profiles: JONES13 LLC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
cmd: Bitsadmin /Reset /Allusers
 
*****************
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:43:56 ====
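
Added example (not part of any post in this thread, and not FRST or Microsoft code): a small Python parser that lines up the bitsadmin sections of several Fixlogs by run number, to reconcile the "Unable to cancel" jobs from Run 1 with the empty queue reported in Runs 5 and 6. The sample text is constructed from the log lines quoted above; the function names and record fields are assumptions made for this sketch.

```python
import re

# Constructed sample: only the lines from the three Fixlogs in this thread
# (Run 1, Run 5, Run 6) that concern BITS, in the order they were posted.
SAMPLE_FIXLOGS = """\
Ran by JONES13 LLC (21-08-2017 09:12:31) Run:1
========= Bitsadmin /Reset /Allusers =========
Unable to cancel {D58FFFFE-325F-4E46-83C9-246E602803E7}.
Unable to cancel {FC37B286-C8F2-459C-B43A-C6542ACA1F78}.
Unable to cancel {171FB6FA-A73D-4E2A-A206-09E29DF239B7}.
0 out of 3 jobs canceled.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
Ran by JONES13 LLC (21-08-2017 14:13:36) Run:5
========= bitsadmin /List /allusers /verbose =========
Listed 0 job(s).
========= End of CMD: =========
Ran by JONES13 LLC (21-08-2017 14:43:56) Run:6
========= Bitsadmin /Reset /Allusers =========
0 out of 0 jobs canceled.
========= End of CMD: =========
"""

RUN_RE = re.compile(r"\bRun:(\d+)\s*$")
CMD_RE = re.compile(r"^=+\s*(bitsadmin\b.*?)\s*=+$", re.IGNORECASE)
END_RE = re.compile(r"^=+\s*End of CMD:\s*=+$")
FAILED_RE = re.compile(r"^Unable to cancel (\{[0-9A-Fa-f-]{36}\})\.$")
RESET_RE = re.compile(r"^(\d+) out of (\d+) jobs canceled\.$")
LIST_RE = re.compile(r"^Listed (\d+) job\(s\)\.$")
QUEUE_RE = re.compile(r"^BITS transfer queue => (\d+) B$")


def parse_bits_sections(text):
    """Return one record per bitsadmin section, tagged with its FRST run."""
    records, queue_bytes = [], {}
    run, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.search(line)
        if m:                                   # "Ran by ... Run:N" header
            run = int(m.group(1))
            continue
        m = QUEUE_RE.match(line)
        if m:                                   # EmptyTemp line, same run
            queue_bytes[run] = int(m.group(1))
            continue
        m = CMD_RE.match(line)
        if m:                                   # start of a bitsadmin block
            current = {"run": run, "command": m.group(1),
                       "queued": None, "canceled": None, "failed": []}
            continue
        if current is None:
            continue
        if END_RE.match(line):
            records.append(current)
            current = None
        elif (m := FAILED_RE.match(line)):
            current["failed"].append(m.group(1))
        elif (m := RESET_RE.match(line)):       # "N out of M jobs canceled."
            current["canceled"], current["queued"] = map(int, m.groups())
        elif (m := LIST_RE.match(line)):        # "Listed N job(s)."
            current["queued"] = int(m.group(1))
    for rec in records:
        rec["queue_bytes_emptied"] = queue_bytes.get(rec["run"])
    return records


def reconcile(records):
    """For each run that left jobs uncancelled, find the first later run
    that reports an empty queue, and note what EmptyTemp listed that run."""
    findings = []
    for i, rec in enumerate(records):
        if not rec["failed"]:
            continue
        later = next((r for r in records[i + 1:] if r["queued"] == 0), None)
        findings.append({
            "run": rec["run"],
            "uncancelled": rec["failed"],
            "gone_by_run": later["run"] if later else None,
            "queue_bytes_emptied": rec["queue_bytes_emptied"],
        })
    return findings


if __name__ == "__main__":
    for f in reconcile(parse_bits_sections(SAMPLE_FIXLOGS)):
        print(f"Run {f['run']}: {len(f['uncancelled'])} job(s) not cancelled; "
              f"queue empty by Run {f['gone_by_run']}; EmptyTemp in Run "
              f"{f['run']} listed {f['queue_bytes_emptied']} B of BITS queue")
```
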


#14 Oh My!

Posted 21 August 2017 - 02:28 PM

Thanks, looks like the jobs were cancelled.

The Wireless Network driver for your computer, as indicated on the Toshiba site, is different than the one installed on your computer. Please download and install Atheros Wireless Lan Driver - Posted Date: 2016-09-21 | Version: 10.0.0.285.0.s3264_wCAT_wINF | Size: 37.88M

Also, if you have not done so recently please boot into Safe Mode with Networking and tell me what you find.

Edited by Oh My!, 21 August 2017 - 02:32 PM.

Gary
 

#15 JONES113

Posted 22 August 2017 - 08:53 AM

I installed the new driver yesterday evening. I tried using my computer in safe mode, but it kept freezing on me. This morning when I restarted my computer the wireless network showed back up and I was able to connect to my home network.





