Jump to content

Recommended Posts

Hello statguy2003 and welcome to Malwarebytes,

What version of Windows is installed to the sick PC. Do you have access to another PC, if so what version of Windows is installed.. Do you have USB flash drive (memory stick) if so what size, is it 4GB or above...

Do you have Windows Installation DVD or USB for sick PC...

Thank you,

Kevin

 

Link to post
Share on other sites

I`ve not used a ChromBook before so have no idea what it can or cannot do.... see if you can do the following:

On you Chromebook can you download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

We can now try and boot your sick PC to System Recovery Options. as you have no installation DVD we only have one option.... as follows :-

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the sick computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks,

Kevin..

Link to post
Share on other sites

Hi Kevin,

Here is the output:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by SYSTEM on MININT-HMEP5QA (22-12-2017 17:11:05)
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet002
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2015-05-04] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4857592 2014-11-28] (BlackBerry Limited)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2015-08-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [557392 2017-11-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [402768 2017-11-15] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-12] ()
HKU\Jim\...\Run: [Google Update] => C:\Users\Jim\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-20] (Google Inc.)
HKU\Jim\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\Jim\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Jim\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\Jim\...\Run: [76C34C4F529FAADC3A9D6C7D5C900CABAB119D54._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => No File
Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2017-11-27]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2015-05-04] (BlackBerry Limited)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-10] (Atheros Communication Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399720 2017-10-09] (WildTangent)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-14] (NETGEAR)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2014-11-28] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1348344 2014-11-28] (BlackBerry Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [77488 2016-09-04] (Citrix Systems, Inc.)
S5 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [312400 2015-08-02] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-09-14] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-11-28] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 NPF; system32\drivers\NPF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-22 13:49 - 2017-12-22 18:48 - 000852798 _____ C:\Users\Jim\Desktop\SecurityCheck.exe
2017-12-22 10:34 - 2017-12-22 10:34 - 000028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2017-12-22 10:33 - 2017-12-22 15:32 - 026848328 _____ (Adlice Software) C:\Users\Jim\Desktop\RogueKillerX64.exe
2017-12-22 10:33 - 2017-12-22 13:18 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-22 10:31 - 2017-12-22 15:30 - 000000000 _____ C:\Users\Jim\Desktop\RogueKiller.exe
2017-12-22 10:29 - 2017-12-22 15:09 - 000605424 _____ (Reimage) C:\Users\Jim\Desktop\ReimageRepair.exe
2017-12-22 10:29 - 2017-12-22 14:24 - 127447672 _____ (ESET) C:\Users\Jim\Desktop\ess_nt64_enu.exe
2017-12-22 10:29 - 2017-12-22 13:39 - 000002536 _____ C:\Users\Jim\Desktop\fixlist.txt
2017-12-22 10:29 - 2017-12-22 13:14 - 011584088 _____ (SurfRight B.V.) C:\Users\Jim\Desktop\HitmanPro_x64.exe
2017-12-22 10:29 - 2017-12-22 12:45 - 083316440 _____ (Malwarebytes ) C:\Users\Jim\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-22 10:12 - 2017-12-22 10:13 - 000000815 _____ C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2017-12-22 09:49 - 2017-12-22 14:19 - 000899584 _____ C:\Users\Jim\Desktop\RGSA.exe
2017-12-22 08:59 - 2017-12-22 08:59 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-22 08:55 - 2017-12-22 12:55 - 008198432 _____ (Malwarebytes) C:\Users\Jim\Desktop\adwcleaner_7.0.6.0.exe
2017-12-22 08:43 - 2017-12-22 08:52 - 000006298 _____ C:\Users\Jim\Desktop\Fixlog.txt
2017-12-22 08:38 - 2017-12-22 13:37 - 000065753 _____ C:\Users\Jim\Desktop\FRST.txt
2017-12-22 08:38 - 2017-12-22 13:37 - 000044818 _____ C:\Users\Jim\Desktop\Addition.txt
2017-12-22 08:38 - 2017-12-22 13:34 - 002392064 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2017-12-22 08:37 - 2017-12-22 17:11 - 000000000 ____D C:\FRST
2017-12-22 08:17 - 2017-12-22 08:25 - 000001861 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-22 08:17 - 2017-12-22 08:17 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-22 07:47 - 2017-12-22 08:59 - 000001831 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-22 07:47 - 2017-12-22 07:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-22 07:47 - 2017-11-29 06:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-12-16 21:30 - 2017-12-16 21:31 - 000000000 ____D C:\Users\Jim\Desktop\CANON_SC
2017-12-16 21:29 - 2014-04-14 23:19 - 004194304 _____ C:\Users\Jim\Desktop\Bios.fd
2017-12-16 16:33 - 2017-12-16 20:36 - 000459400 _____ C:\Windows\ntbtlog.txt
2017-12-12 22:43 - 2017-11-16 20:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-12-12 22:43 - 2017-11-14 17:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-12-12 22:43 - 2017-11-14 16:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-12 22:43 - 2017-11-13 19:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-12-12 22:43 - 2017-11-13 19:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-12-12 22:43 - 2017-11-13 19:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2017-12-12 22:43 - 2017-11-13 19:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-12-12 22:43 - 2017-11-13 19:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2017-12-12 22:43 - 2017-11-13 19:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2017-12-12 22:43 - 2017-11-13 19:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-12-12 22:43 - 2017-11-13 19:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-12-12 22:43 - 2017-11-13 19:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2017-12-12 22:43 - 2017-11-13 19:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-12-12 22:43 - 2017-11-13 19:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-12-12 22:43 - 2017-11-13 19:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2017-12-12 22:43 - 2017-11-13 19:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-12-12 22:43 - 2017-11-13 19:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-12-12 22:43 - 2017-11-13 19:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-12-12 22:43 - 2017-11-13 19:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-12-12 22:43 - 2017-11-13 19:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2017-12-12 22:43 - 2017-11-13 19:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2017-12-12 22:43 - 2017-11-13 19:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-12-12 22:43 - 2017-11-13 19:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2017-12-12 22:43 - 2017-11-13 19:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-12-12 22:43 - 2017-11-13 19:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2017-12-12 22:43 - 2017-11-13 19:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2017-12-12 22:43 - 2017-11-13 19:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-12-12 22:43 - 2017-11-13 19:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-12-12 22:43 - 2017-11-13 18:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2017-12-12 22:43 - 2017-11-13 18:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-12-12 22:43 - 2017-11-13 18:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-12-12 22:43 - 2017-11-13 18:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-12-12 22:43 - 2017-11-13 18:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-12-12 22:43 - 2017-11-13 18:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2017-12-12 22:43 - 2017-11-13 18:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-12-12 22:43 - 2017-11-13 18:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-12-12 22:43 - 2017-11-13 18:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-12-12 22:43 - 2017-11-13 18:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-12-12 22:43 - 2017-11-13 17:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-12 22:43 - 2017-11-13 17:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-12 22:43 - 2017-11-13 17:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-12 22:43 - 2017-11-13 17:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-12 22:43 - 2017-11-13 17:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-12 22:43 - 2017-11-13 16:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-12 22:43 - 2017-11-13 16:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-12 22:43 - 2017-11-07 12:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-12 22:43 - 2017-11-07 12:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-12 22:43 - 2017-11-07 12:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-12 22:43 - 2017-11-07 12:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-12 22:43 - 2017-11-07 12:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-12 22:43 - 2017-11-07 12:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-12 22:43 - 2017-11-07 12:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-12 22:43 - 2017-11-07 12:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-12 22:43 - 2017-11-07 12:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-12 22:43 - 2017-11-07 12:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-12 22:43 - 2017-11-07 12:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-12 22:43 - 2017-11-07 12:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-12 22:43 - 2017-11-07 12:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-12 22:43 - 2017-11-07 12:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-12 22:43 - 2017-11-07 12:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-12 22:43 - 2017-11-07 12:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-12 22:43 - 2017-11-07 12:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-12 22:43 - 2017-11-07 12:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-12 22:43 - 2017-11-07 12:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-12 22:43 - 2017-11-07 12:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-12 22:43 - 2017-11-07 12:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-12 22:43 - 2017-11-07 12:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-12 22:43 - 2017-11-07 12:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-12 22:43 - 2017-11-07 11:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-12 22:43 - 2017-11-07 08:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2017-12-12 22:43 - 2017-11-07 08:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-12 22:43 - 2017-11-04 07:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\System32\itircl.dll
2017-12-12 22:43 - 2017-11-04 07:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\System32\itss.dll
2017-12-12 22:43 - 2017-11-04 07:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-12 22:43 - 2017-11-04 07:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-12 22:43 - 2017-11-02 08:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\System32\iprtrmgr.dll
2017-12-12 22:43 - 2017-11-02 08:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\System32\rtm.dll
2017-12-12 22:43 - 2017-11-02 08:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\System32\mprdim.dll
2017-12-12 22:43 - 2017-11-02 08:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\iprtprio.dll
2017-12-12 22:43 - 2017-11-02 07:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-12 22:43 - 2017-11-02 07:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-12 22:43 - 2017-11-02 07:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-12 22:43 - 2017-11-02 06:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-12 22:43 - 2017-10-16 15:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\System32\gpedit.dll
2017-12-12 22:43 - 2017-10-16 14:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-12 22:43 - 2017-10-11 16:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2017-12-12 06:34 - 2017-12-12 06:34 - 000000000 ____D C:\Users\Jim\AppData\Roaming\Citrix
2017-12-12 06:10 - 2017-12-12 06:10 - 000000663 _____ C:\Users\Jim\Downloads\receiverconfig.cr
2017-12-09 20:59 - 2017-12-09 20:59 - 000002058 _____ C:\Users\Jim\Downloads\Invisible_Influence_by_Jonah_Berger_EPUB-(Demonoid_www.Demonoid.pw).TORRENT
2017-12-09 20:59 - 2017-12-09 20:59 - 000002058 _____ C:\Users\Jim\Downloads\(Demonoid_www.Demonoid.pw)-Invisible_Influence_by_Jonah_Berger_EPUB.TORRENT
2017-12-09 20:59 - 2017-12-09 20:59 - 000000000 ____D C:\Users\Jim\Downloads\Invisible Influence by Jonah Berger EPUB
2017-12-09 14:48 - 2017-12-09 14:55 - 000000000 ____D C:\Users\Jim\Downloads\Spy Secrets That Can Save Your Life_ A Former CIA Officer Reveals ... by Jason Hanson ePUB MOBI eBOOK-ZAK
2017-12-09 14:48 - 2017-12-09 14:48 - 000004963 _____ C:\Users\Jim\Downloads\Spy_Secrets_That_Can_Save_Your_Life_A_Former_CIA_Officer_Reveals_by_Jason_Hanson_ePUB_MOBI_eBOOK_ZAK-((Demonoid_www.Demonoid.pw)).TORRENT
2017-12-09 14:47 - 2017-12-09 14:47 - 000002864 _____ C:\Users\Jim\Downloads\The_Rothschilds_The_Dynasty_And_The_Legacy_by_Michael_W_Simmons_ePUB_eBOOK_ZAK-((Demonoid_www.Demonoid.pw)).TORRENT
2017-12-09 14:47 - 2017-12-09 14:47 - 000002864 _____ C:\Users\Jim\Downloads\[]Demonoid_www.Demonoid.pw[]-The_Rothschilds_The_Dynasty_And_The_Legacy_by_Michael_W_Simmons_ePUB_eBOOK_ZAK.TORRENT
2017-12-09 14:45 - 2017-12-09 14:45 - 000018685 _____ C:\Users\Jim\Downloads\[]Demonoid_www.Demonoid.pw[]-Leonardo_da_Vinci_by_Walter_Isaacson_EPUB.TORRENT
2017-12-09 14:45 - 2017-12-09 14:45 - 000000000 ____D C:\Users\Jim\Downloads\Saul Alinsky - Rules for Radicals - epub [TKRG]
2017-12-09 14:44 - 2017-12-09 14:44 - 000000774 _____ C:\Users\Jim\Downloads\((Demonoid_www.Demonoid.pw))-Saul_Alinsky_Rules_for_Radicals_epub_[TKRG].TORRENT
2017-12-03 12:29 - 2017-12-03 12:29 - 000907795 _____ C:\Users\Jim\Downloads\setup-x86_64 (2).exe
2017-12-03 09:59 - 2017-12-03 09:59 - 000071358 _____ C:\Users\Jim\Downloads\Science_Fiction_and_Fantasy_Masterworks_(218)_x-Demonoid_www.Demonoid.pw-x.TORRENT
2017-12-03 09:10 - 2017-12-03 09:10 - 000000945 _____ C:\Users\Jim\Downloads\Elric_by_Michael_Moorcock_6_epub_novels-((Demonoid_www.Demonoid.pw)).TORRENT
2017-12-03 09:05 - 2017-12-03 10:00 - 000000000 ____D C:\Users\Jim\Downloads\Micheal Crichton Collection (epub and mobi)
2017-12-03 09:04 - 2017-12-03 09:04 - 000016122 _____ C:\Users\Jim\Downloads\+-Demonoid_www.Demonoid.pw-+_17_Michael_Crichton_eBooks_(epub_and_mobi).TORRENT
2017-12-03 09:03 - 2017-12-03 12:46 - 000000000 ____D C:\Users\Jim\Downloads\622 iBooks
2017-12-03 09:00 - 2017-12-03 10:00 - 000000000 ____D C:\Users\Jim\Downloads\Books Torrent
2017-12-03 08:37 - 2017-12-03 08:37 - 000047572 _____ C:\Users\Jim\Downloads\((Demonoid_www.Demonoid.pw))-Ebook_Library_(EPUB).TORRENT
2017-12-03 08:35 - 2017-12-03 08:35 - 000017750 _____ C:\Users\Jim\Downloads\622_iBooks_for_iPhone_iPad_epub_format_x-Demonoid_www.Demonoid.pw-x.TORRENT
2017-11-24 14:53 - 2017-11-24 17:32 - 000000000 ____D C:\Users\Jim\Downloads\The Genius Of Dogs
2017-11-24 14:33 - 2017-12-03 10:00 - 000000000 ____D C:\Users\Jim\Downloads\Dog Training e-Books
2017-11-24 14:31 - 2017-11-24 14:32 - 004180715 _____ C:\Users\Jim\Downloads\Labrador - The Story of the World's Favourite Dog (2015).epub
2017-11-24 14:31 - 2017-11-24 14:31 - 000008065 _____ C:\Users\Jim\Downloads\((Demonoid_www.Demonoid.pw))-Dog_Training_e_Books.TORRENT
2017-11-24 14:30 - 2017-11-24 17:32 - 000000000 ____D C:\Users\Jim\Downloads\Dogs Trust-Basic dog training
2017-11-24 14:30 - 2017-11-24 14:30 - 000001550 _____ C:\Users\Jim\Downloads\Dogs_Trust_Basic_dog_training-((Demonoid_www.Demonoid.pw)).TORRENT
2017-11-24 14:29 - 2017-11-24 14:29 - 000003045 _____ C:\Users\Jim\Downloads\_-Demonoid_www.Demonoid.pw-_Labrador_Retriever_Your_Happy_Healthy_Pet.TORRENT
2017-11-24 13:47 - 2017-11-24 17:32 - 000000000 ____D C:\Users\Jim\Downloads\DK Pocket Genius - Dogs
2017-11-24 13:46 - 2017-11-24 13:46 - 000005067 _____ C:\Users\Jim\Downloads\DK_Pocket_Genius_Dogs_(gnv64)_O-Demonoid_www.Demonoid.pw-O.TORRENT
2017-11-24 11:43 - 2017-11-24 11:54 - 000000000 ____D C:\Users\Jim\Downloads\For Dummies E-Book Collection
2017-11-24 11:41 - 2017-11-24 11:54 - 000000000 ____D C:\Users\Jim\Downloads\The Wills and Trusts Kit -Your Complete Guide to Planning for the Future-Mantesh
2017-11-24 11:40 - 2017-11-24 11:40 - 000107383 _____ C:\Users\Jim\Downloads\_For_Dummies_E_Book_Collection_-(Demonoid_www.Demonoid.pw).TORRENT
2017-11-24 11:39 - 2017-11-24 11:39 - 000107383 _____ C:\Users\Jim\Downloads\[[Demonoid_www.Demonoid.pw]]-_For_Dummies_E_Book_Collection_.TORRENT
2017-11-24 11:37 - 2017-11-24 11:37 - 000004467 _____ C:\Users\Jim\Downloads\[Demonoid_www.Demonoid.pw]-Quicken_WillMaker_Plus_2009_v8_0_0_3_build_1420.TORRENT
2017-11-24 11:36 - 2017-11-24 11:36 - 000004626 _____ C:\Users\Jim\Downloads\JK_Lasser's_New_Rules_for_Estate_and_Tax_Planning_Revised_3rd_Edition_[2010]_PDF-[[Demonoid_www.Demonoid.pw]].TORRENT
2017-11-24 11:36 - 2017-11-24 11:36 - 000004626 _____ C:\Users\Jim\Downloads\-_Demonoid_www.Demonoid.pw_-JK_Lasser's_New_Rules_for_Estate_and_Tax_Planning_Revised_3rd_Edition_[2010]_PDF.TORRENT
2017-11-24 11:35 - 2017-11-24 11:35 - 000001648 _____ C:\Users\Jim\Downloads\The_Wills_and_Trusts_Kit_Your_Complete_Guide_to_Planning_for_the_Future_Mantesh_O-Demonoid_www.Demonoid.pw-O.TORRENT
2017-11-24 11:33 - 2017-11-24 11:33 - 000001648 _____ C:\Users\Jim\Downloads\(Demonoid_www.Demonoid.pw)-The_Wills_and_Trusts_Kit_Your_Complete_Guide_to_Planning_for_the_Future_Mantesh.TORRENT
2017-11-24 11:24 - 2017-11-24 11:24 - 000000000 ____D C:\Users\Jim\Downloads\How to Pay Zero Taxes 2016 Your Guide to Every Tax Break the IRS Allows by Jeff Schnepper
2017-11-24 11:22 - 2017-11-24 11:22 - 000001419 _____ C:\Users\Jim\Downloads\How_to_Pay_Zero_Taxes_2016_Your_Guide_to_Every_Tax_Break_the_IRS_Allows_by_Jeff_Schnepper-((Demonoid_www.Demonoid.pw)).TORRENT
2017-11-23 17:54 - 2017-11-23 17:54 - 011602591 _____ C:\Users\Jim\Downloads\McCullough, David-David McCullough Library E-Book Box (1).epub
2017-11-22 17:56 - 2017-11-22 19:13 - 000000000 ____D C:\Users\Jim\Downloads\Incognito_ The Secret Lives of the Brain by David Eagleman ePUB eBOOK-ZAK
2017-11-22 17:56 - 2017-11-22 17:56 - 000001104 _____ C:\Users\Jim\Downloads\Incognito_The_Secret_Lives_of_the_Brain_by_David_Eagleman_ePUB_eBOOK_ZAK-[Demonoid_www.Demonoid.pw].TORRENT
2017-11-22 17:52 - 2017-11-22 19:13 - 000000000 ____D C:\Users\Jim\Downloads\Behave_ The Biology of Humans at Our Best and Worst by Robert M Sapolsky ePUB eBOOK-ZAK
2017-11-22 17:52 - 2017-11-22 17:52 - 000013195 _____ C:\Users\Jim\Downloads\Behave_The_Biology_of_Humans_at_Our_Best_and_Worst_by_Robert_M_Sapolsky_ePUB_eBOOK_ZAK_-Demonoid_www.Demonoid.pw-_.TORRENT
2017-11-22 17:46 - 2017-12-03 09:42 - 000000000 ____D C:\Users\Jim\Downloads\Theories of Everything
2017-11-22 17:46 - 2017-11-22 17:46 - 000030702 _____ C:\Users\Jim\Downloads\[[Demonoid_www.Demonoid.pw]]-The_Major_Writings_on_'Theories_of_Everything'.TORRENT
2017-11-22 17:45 - 2017-11-22 19:13 - 000000000 ____D C:\Users\Jim\Downloads\Life 3.0 A I Tegmark 2017 WWT
2017-11-22 17:44 - 2017-11-22 17:44 - 000001548 _____ C:\Users\Jim\Downloads\Life_3_0_Being_Human_in_the_Age_of_Artificial_Intelligence_Max_Tegmark_2017_EPUB-_Demonoid_www.Demonoid.pw_-.TORRENT
2017-11-22 17:22 - 2017-11-22 17:27 - 000000000 ____D C:\Users\Jim\Downloads\John Mauldin - Endgame - The End of the Debt Supercycle and How It Changes Everything - epub [TKRG]
2017-11-22 17:22 - 2017-11-22 17:22 - 000016147 _____ C:\Users\Jim\Downloads\-_Demonoid_www.Demonoid.pw_-Jim_Rogers_Adventure_Capitalist.TORRENT
2017-11-22 17:21 - 2017-11-22 17:21 - 000003874 _____ C:\Users\Jim\Downloads\John_Mauldin_Endgame_The_End_of_the_Debt_Supercycle_and_How_It_Changes_Everything_epub_[TKRG]-[]Demonoid_www.Demonoid.pw[].TORRENT
2017-11-22 13:04 - 2017-10-16 13:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-22 13:04 - 2017-10-11 16:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-22 13:04 - 2017-10-11 16:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-22 13:04 - 2017-10-11 16:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-22 13:04 - 2017-10-11 16:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-22 13:04 - 2017-10-11 16:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-22 13:04 - 2017-10-11 16:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-22 13:04 - 2017-10-11 16:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-22 13:04 - 2017-10-11 16:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-22 13:04 - 2017-10-11 16:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-22 13:04 - 2017-10-11 16:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-22 13:04 - 2017-10-11 16:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-22 13:04 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-22 13:03 - 2017-10-17 18:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-11-22 13:03 - 2017-10-17 18:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-11-22 13:03 - 2017-10-17 18:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-11-22 13:03 - 2017-10-17 18:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-11-22 13:03 - 2017-10-17 18:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-11-22 13:03 - 2017-10-17 18:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-11-22 13:03 - 2017-10-17 18:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-11-22 13:03 - 2017-10-16 15:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2017-11-22 13:03 - 2017-10-11 16:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2017-11-22 13:03 - 2017-10-11 16:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2017-11-22 13:03 - 2017-10-11 16:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2017-11-22 13:03 - 2017-10-11 16:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2017-11-22 13:03 - 2017-10-11 16:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2017-11-22 13:03 - 2017-10-11 16:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2017-11-22 13:03 - 2017-09-07 05:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2017-11-22 13:03 - 2017-09-07 05:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2017-11-22 13:02 - 2017-10-11 16:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\System32\Query.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2017-11-22 13:02 - 2017-10-11 16:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2017-11-22 13:02 - 2017-10-11 16:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2017-11-22 13:02 - 2017-10-11 16:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-11-22 12:00 - 2017-11-22 12:30 - 000000000 ____D C:\Users\Jim\Downloads\Einstein's Cosmos_ How Albert Einstein's Vision Transformed Our Understanding of Space by Michio Kaku MOBI eBOOK-ZAK
2017-11-22 11:58 - 2017-11-22 11:58 - 000001087 _____ C:\Users\Jim\Downloads\o-Demonoid_www.Demonoid.pw-o_Einstein_039_s_Cosmos_How_Albert_Einstein_039_s_Vision_Transformed_Our_Understanding_of_Space_by_Michio_Kaku_MOBI_eBOOK_ZAK.TORRENT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-22 13:56 - 2009-07-13 21:13 - 000781366 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-22 13:56 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-22 13:52 - 2009-07-13 20:45 - 000024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-22 13:52 - 2009-07-13 20:45 - 000024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-22 13:46 - 2013-08-18 13:41 - 000000000 ____D C:\Users\Jim\AppData\Local\CrashDumps
2017-12-22 13:43 - 2009-07-13 21:08 - 000032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-22 13:43 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-22 13:43 - 2009-07-13 20:45 - 000263640 _____ C:\Windows\System32\FNTCACHE.DAT
2017-12-22 13:13 - 2013-08-13 15:23 - 000060424 _____ C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-22 11:22 - 2014-08-16 20:10 - 000000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2017-12-22 11:14 - 2017-01-11 13:41 - 000000000 ____D C:\Users\Jim\AppData\Local\SkypePlugin
2017-12-22 08:57 - 2013-11-09 15:18 - 000000000 ____D C:\AdwCleaner
2017-12-22 07:47 - 2013-11-09 15:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-16 16:55 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-12-16 16:30 - 2015-08-02 05:59 - 000000000 ____D C:\Users\Jim\Documents\Bluetooth Folder
2017-12-15 18:16 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-15 18:16 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\Setup
2017-12-15 17:52 - 2013-08-16 16:14 - 000000000 ____D C:\Windows\System32\MRT
2017-12-15 17:35 - 2017-10-13 15:19 - 133326408 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2017-12-15 17:34 - 2013-08-16 16:14 - 133326408 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-12-12 16:43 - 2015-12-19 19:16 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D42DA8FB-7C41-40C1-91B4-1F6FB438C152}
2017-12-12 15:11 - 2013-08-17 15:57 - 000000000 ____D C:\Users\Jim\AppData\Local\Citrix
2017-12-12 06:51 - 2015-08-25 08:53 - 000000000 ____D C:\ProgramData\Citrix
2017-12-11 18:30 - 2017-03-30 05:18 - 000002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-09 21:00 - 2015-12-24 12:10 - 000000000 ____D C:\Users\Jim\AppData\Roaming\uTorrent
2017-12-03 12:45 - 2015-07-03 06:20 - 000000000 ____D C:\Users\Jim\Downloads\Natural Cleaning Recipes Essential Oils Recipes to Safely Clean Your Home, Save Money, and Protect Your Family
2017-12-03 12:30 - 2014-02-13 19:58 - 000000000 ____D C:\Users\Jim\Downloads\http%3a%2f%2fcygwin.mirror.constant.com%2f
2017-11-27 09:13 - 2017-09-09 13:23 - 000000851 _____ C:\Users\Jim\Desktop\µTorrent.lnk
2017-11-27 09:13 - 2017-09-03 17:04 - 000002170 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-11-27 09:13 - 2017-03-09 17:42 - 000001081 _____ C:\Users\Public\Desktop\Torrent Search.lnk
2017-11-27 09:13 - 2016-11-12 17:08 - 000002045 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-27 09:13 - 2016-02-04 09:35 - 000000595 _____ C:\Users\Public\Desktop\FLAC To MP3.lnk
2017-11-27 09:13 - 2015-03-11 06:56 - 000002097 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 5.0.lnk
2017-11-27 09:13 - 2015-03-05 15:51 - 000001013 _____ C:\Users\Public\Desktop\BlackBerry Blend.lnk
2017-11-27 09:13 - 2015-03-05 15:50 - 000001097 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2017-11-27 09:13 - 2015-02-27 16:37 - 000002052 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2017-11-27 09:13 - 2015-02-16 16:52 - 000000573 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
2017-11-27 09:13 - 2014-10-12 12:56 - 000001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-27 09:13 - 2014-09-20 14:38 - 000000888 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2017-11-27 09:13 - 2014-09-19 20:35 - 000001113 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2017-11-27 09:13 - 2014-08-09 11:37 - 000001053 _____ C:\Users\Public\Desktop\R x64 3.1.1.lnk
2017-11-27 09:13 - 2013-04-03 22:35 - 000001156 _____ C:\Users\Public\Desktop\clear.fi Photo.lnk
2017-11-27 09:13 - 2013-04-03 22:32 - 000001156 _____ C:\Users\Public\Desktop\clear.fi Media.lnk
2017-11-27 09:13 - 2012-05-01 21:34 - 000002620 _____ C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2017-11-24 05:54 - 2014-09-19 20:35 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411187741
2017-11-24 05:54 - 2014-09-19 20:35 - 000000000 ____D C:\Program Files (x86)\Opera
2017-11-23 19:01 - 2014-09-20 14:39 - 000000000 ____D C:\Users\Jim\Documents\Calibre Library
2017-11-22 12:30 - 2017-11-08 16:26 - 000000000 ____D C:\Users\Jim\Downloads\the encyclopedia of country living

Some files in TEMP:
====================
2017-12-22 10:33 - 2017-09-13 07:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Jim\AppData\Local\Temp\dllnt_dump.dll
2017-10-26 00:07 - 2017-10-26 00:07 - 000488960 _____ () C:\Users\Jim\AppData\Local\Temp\sqlite3.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3932.36 MB
Available physical RAM: 3207.63 MB
Total Virtual: 3930.56 MB
Available Virtual: 3207.96 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:37.1 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:0.83 GB) NTFS
Drive g: () (Removable) (Total:0.93 GB) (Free:0.69 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0B08CD2D)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 962 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=961 MB) - (Type=0B)

LastRegBack: 2017-12-09 16:08

==================== End of FRST.txt ============================
Link to post
Share on other sites

Thanks for that log, continue with the following:

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if your PC will boot ok.....

 

fixlist.txt

Link to post
Share on other sites

Hi Kevin,

Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by SYSTEM (22-12-2017 18:23:35) Run:2
Running from g:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Start
LastRegBack: 2017-12-09 16:08
End
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 18:23:45 ====

Jim

Link to post
Share on other sites

Thanks for the update Jim, unless you have any remaining issues or concerns we can close out your thread....

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.