[Inactive-A] Virus Severely Infected...Need help

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by dashelter, Dec 8, 2017.

Thread Status:
Not open for further replies.
  1. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I'll rely your reply :)
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Try this set of commands from command prompt in recovery console:

    reg load HKLM\TempHive "C:\Windows\System32\Config\System"
    Reg delete HKLM\TempHive\ControlSet001\Services\UDiskMgr /f
    reg unload HKLM\TempHive
    Del /q /f C:\WINDOWS\system32\drivers\coe*.sys
    Del /q /f C:\Windows\System32\uphmswisvc.exe
    RD /s /q C:\Users\jbcon\AppData\Local\exntigs
    RD /s /q C:\Users\jbcon\AppData\Local\igfxmtc
     
  3. dashelter

    dashelter Established Techie7 Member

    I was able to unlock the drive and re-run FRST in RE mode.

    Here's the fresh log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
    Ran by SYSTEM on MININT-O5EL9E9 (19-12-2017 04:29:36)
    Running from d:\docu
    Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-09-18] (Intel)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-27] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
    HKU\jbcon\...\Run: [WorkForce 840(Network)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
    HKU\jbcon\...\RunOnce: [Uninstall 17.3.7076.1026_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jbcon\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64"
    HKU\jbcon\...\RunOnce: [Uninstall 17.3.7076.1026_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jbcon\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1"
    HKU\User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
    GroupPolicy: Restriction <==== ATTENTION
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
    S2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
    S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
    S3 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-10-29] (Foxit Software Inc.)
    S2 IntelAudioService; C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [170592 2017-11-10] (Intel)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
    S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
    S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S4 09868746; C:\Windows\System32\drivers\96695498.sys [208216 2017-12-13] (Kaspersky Lab, GERT)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    S3 iactrllogic; C:\Windows\System32\drivers\iactrllogic64.sys [183184 2017-10-12] (Intel(R) Corporation)
    S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-11-10] (Intel Corporation)
    S2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-12-05] (CACE Technologies, Inc.)
    S4 oxhtokg; C:\Windows\System32\drivers\srliuif.sys [79064 2017-12-13] (Malwarebytes)
    S4 qjxqp; C:\Windows\System32\drivers\lqubue.sys [79064 2017-12-08] (Malwarebytes)
    S0 secnvme; C:\Windows\System32\drivers\secnvme.sys [135680 2017-11-10] (Samsung Electronics Co., Ltd)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    S4 twsk; C:\Windows\System32\drivers\tkvicmr.sys [79064 2017-12-13] (Malwarebytes)
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
    S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-10] (Zemana Ltd.)
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-12-17 10:38 - 2017-12-17 10:38 - 000003816 _____ C:\Users\jbcon\Desktop\Rkill partial.txt
    2017-12-17 09:23 - 2017-12-17 09:27 - 000000909 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-12-17 09:23 - 2017-12-17 09:27 - 000000000 ____D C:\Program Files\RogueKiller
    2017-12-17 07:41 - 2017-12-18 08:40 - 000000000 ____D C:\Users\jbcon\Desktop\Quaera
    2017-12-17 04:03 - 2017-12-17 04:05 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-12-17 04:03 - 2017-12-17 04:03 - 000002101 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
    2017-12-17 04:03 - 2017-12-17 04:03 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-12-16 19:22 - 2017-12-19 04:28 - 000000000 _____ C:\Recovery.txt
    2017-12-16 16:50 - 2017-12-16 16:50 - 002643112 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-12-16 16:18 - 2017-12-16 16:18 - 000000000 ____D C:\Windows\SysWOW64\databases-incognito
    2017-12-16 16:15 - 2017-12-16 16:15 - 000002690 _____ C:\Users\jbcon\Desktop\office 2016.txt
    2017-12-15 22:54 - 2017-12-17 03:13 - 000000000 ____D C:\Users\jbcon\Documents\Techhelp
    2017-12-14 18:34 - 2017-12-14 18:34 - 000001826 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-12-14 18:34 - 2017-12-14 18:34 - 000000000 ____D C:\Program Files\iTunes
    2017-12-14 18:34 - 2017-12-14 18:34 - 000000000 ____D C:\Program Files\iPod
    2017-12-14 17:46 - 2017-12-17 10:40 - 000041448 _____ C:\Windows\System32\OV8865_REAR.aiqd
    2017-12-14 06:35 - 2017-12-14 06:35 - 000000000 ____D C:\Users\jbcon\AppData\Local\SkypePlugin
    2017-12-13 08:28 - 2017-12-13 08:28 - 000000000 ____D C:\ProgramData\Emsisoft
    2017-12-13 06:12 - 2017-12-13 08:17 - 000000000 ____D C:\Users\jbcon\Documents\MB Log
    2017-12-13 06:07 - 2017-12-13 06:07 - 000000000 ____D C:\Users\jbcon\Documents\Eset Log
    2017-12-13 05:17 - 2017-12-13 05:17 - 000000000 ____D C:\Program Files (x86)\ESET
    2017-12-13 05:11 - 2017-12-17 17:26 - 000000000 ____D C:\AdwCleaner
    2017-12-13 04:39 - 2017-12-13 04:39 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\tkvicmr.sys
    2017-12-13 04:10 - 2017-12-13 04:10 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\srliuif.sys
    2017-12-13 03:47 - 2017-12-13 03:49 - 000008944 _____ C:\TDSSKiller.2.8.16.0_13.12.2017_06.47.15_log.txt
    2017-12-13 03:47 - 2017-12-13 03:47 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\72291130.sys
    2017-12-13 03:45 - 2017-12-13 03:45 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\96695498.sys
    2017-12-13 03:44 - 2017-12-13 03:45 - 000005256 _____ C:\TDSSKiller.2.8.16.0_13.12.2017_06.44.05_log.txt
    2017-12-13 03:44 - 2017-12-13 03:44 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\38712264.sys
    2017-12-12 10:40 - 2017-12-07 22:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\System32\DHolographicDisplay.dll
    2017-12-12 10:40 - 2017-12-07 15:34 - 001925296 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
    2017-12-12 10:40 - 2017-12-07 15:34 - 001634288 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
    2017-12-12 10:40 - 2017-12-07 15:34 - 000059800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bam.sys
    2017-12-12 10:40 - 2017-12-07 15:31 - 008590744 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2017-12-12 10:40 - 2017-12-07 15:31 - 000779440 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
    2017-12-12 10:40 - 2017-12-07 15:30 - 000166296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2017-12-12 10:40 - 2017-12-07 15:28 - 000710912 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
    2017-12-12 10:40 - 2017-12-07 15:28 - 000630752 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2017-12-12 10:40 - 2017-12-07 15:27 - 004504456 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
    2017-12-12 10:40 - 2017-12-07 15:27 - 003903784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2017-12-12 10:40 - 2017-12-07 15:27 - 000184984 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2017-12-12 10:40 - 2017-12-07 15:26 - 007385088 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
    2017-12-12 10:40 - 2017-12-07 15:26 - 002709200 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2017-12-12 10:40 - 2017-12-07 15:26 - 000525208 _____ (Microsoft Corporation) C:\Windows\System32\wimserv.exe
    2017-12-12 10:40 - 2017-12-07 15:25 - 000374032 _____ (Microsoft Corporation) C:\Windows\System32\vac.exe
    2017-12-12 10:40 - 2017-12-07 15:24 - 000705944 _____ (Microsoft Corporation) C:\Windows\System32\wimgapi.dll
    2017-12-12 10:40 - 2017-12-07 15:24 - 000437144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
    2017-12-12 10:40 - 2017-12-07 15:24 - 000246168 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
    2017-12-12 10:40 - 2017-12-07 15:23 - 005905752 _____ (Microsoft Corporation) C:\Windows\System32\StartTileData.dll
    2017-12-12 10:40 - 2017-12-07 15:23 - 000677272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2017-12-12 10:40 - 2017-12-07 15:22 - 001003104 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
    2017-12-12 10:40 - 2017-12-07 15:22 - 000979352 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManager.dll
    2017-12-12 10:40 - 2017-12-07 15:22 - 000137544 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
    2017-12-12 10:40 - 2017-12-07 15:22 - 000129432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvsocket.sys
    2017-12-12 10:40 - 2017-12-07 15:21 - 007676296 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
    2017-12-12 10:40 - 2017-12-07 15:20 - 001170000 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2017-12-12 10:40 - 2017-12-07 15:19 - 021352136 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2017-12-12 10:40 - 2017-12-07 15:16 - 001776272 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2017-12-12 10:40 - 2017-12-07 15:16 - 000603920 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2017-12-12 10:40 - 2017-12-07 15:15 - 001426152 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2017-12-12 10:40 - 2017-12-07 15:15 - 000721592 _____ (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
    2017-12-12 10:40 - 2017-12-07 15:14 - 000571288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
    2017-12-12 10:40 - 2017-12-07 15:12 - 000401304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
    2017-12-12 10:40 - 2017-12-07 15:10 - 000362904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
    2017-12-12 10:40 - 2017-12-07 14:58 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-12-12 10:40 - 2017-12-07 14:57 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2017-12-12 10:40 - 2017-12-07 14:56 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2017-12-12 10:40 - 2017-12-07 14:55 - 001490328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-12-12 10:40 - 2017-12-07 14:55 - 000097144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-12-12 10:40 - 2017-12-07 14:39 - 006092664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
    2017-12-12 10:40 - 2017-12-07 14:37 - 001145104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-12-12 10:40 - 2017-12-07 14:36 - 000769096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2017-12-12 10:40 - 2017-12-07 14:34 - 003484840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2017-12-12 10:40 - 2017-12-07 14:34 - 002192112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-12-12 10:40 - 2017-12-07 14:33 - 000747416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
    2017-12-12 10:40 - 2017-12-07 14:33 - 000592280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
    2017-12-12 10:40 - 2017-12-07 14:32 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-12-12 10:40 - 2017-12-07 14:31 - 001522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2017-12-12 10:40 - 2017-12-07 14:31 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2017-12-12 10:40 - 2017-12-07 14:31 - 000982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2017-12-12 10:40 - 2017-12-07 14:29 - 000047000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KeyboardFilterShim.dll
    2017-12-12 10:40 - 2017-12-07 14:23 - 006478528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-12-12 10:40 - 2017-12-07 14:22 - 025245696 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
    2017-12-12 10:40 - 2017-12-07 14:13 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2017-12-12 10:40 - 2017-12-07 14:13 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
    2017-12-12 10:40 - 2017-12-07 14:12 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
    2017-12-12 10:40 - 2017-12-07 14:12 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
    2017-12-12 10:40 - 2017-12-07 14:12 - 000101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
    2017-12-12 10:40 - 2017-12-07 14:11 - 003669504 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
    2017-12-12 10:40 - 2017-12-07 14:10 - 018916352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 006466048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 001313792 _____ (Microsoft Corporation) C:\Windows\System32\InstallService.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 000536064 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 000250368 _____ (Microsoft Corporation) C:\Windows\System32\AppxAllUserStore.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 000150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
    2017-12-12 10:40 - 2017-12-07 14:10 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-12-12 10:40 - 2017-12-07 14:09 - 001663488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
    2017-12-12 10:40 - 2017-12-07 14:09 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
    2017-12-12 10:40 - 2017-12-07 14:09 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
    2017-12-12 10:40 - 2017-12-07 14:09 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2017-12-12 10:40 - 2017-12-07 14:09 - 000136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gamingtcui.dll
    2017-12-12 10:40 - 2017-12-07 14:08 - 019336192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-12-12 10:40 - 2017-12-07 14:08 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
    2017-12-12 10:40 - 2017-12-07 14:08 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
    2017-12-12 10:40 - 2017-12-07 14:08 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
    2017-12-12 10:40 - 2017-12-07 14:08 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
    2017-12-12 10:40 - 2017-12-07 14:08 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2017-12-12 10:40 - 2017-12-07 14:07 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
    2017-12-12 10:40 - 2017-12-07 14:07 - 000254976 _____ (Microsoft Corporation) C:\Windows\System32\PushToInstall.dll
    2017-12-12 10:40 - 2017-12-07 14:07 - 000246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2017-12-12 10:40 - 2017-12-07 14:07 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc.sys
    2017-12-12 10:40 - 2017-12-07 14:07 - 000172544 _____ (Microsoft Corporation) C:\Windows\System32\itss.dll
    2017-12-12 10:40 - 2017-12-07 14:07 - 000164864 _____ (Microsoft Corporation) C:\Windows\System32\dmcertinst.exe
    2017-12-12 10:40 - 2017-12-07 14:07 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
    2017-12-12 10:40 - 2017-12-07 14:06 - 023652864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2017-12-12 10:40 - 2017-12-07 14:06 - 000676352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
    2017-12-12 10:40 - 2017-12-07 14:06 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-12-12 10:40 - 2017-12-07 14:06 - 000174080 _____ (Microsoft Corporation) C:\Windows\System32\gamingtcui.dll
    2017-12-12 10:40 - 2017-12-07 14:06 - 000164864 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
    2017-12-12 10:40 - 2017-12-07 14:05 - 006037504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 001670656 _____ (Microsoft Corporation) C:\Windows\System32\batmeter.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000559616 _____ (Microsoft Corporation) C:\Windows\System32\iprtrmgr.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000539136 _____ (Microsoft Corporation) C:\Windows\System32\HolographicExtensions.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000363008 _____ (Microsoft Corporation) C:\Windows\System32\SettingsEnvironment.Desktop.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000334848 _____ (Microsoft Corporation) C:\Windows\System32\dusmsvc.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000306688 _____ (Microsoft Corporation) C:\Windows\System32\FSClient.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000222208 _____ (Microsoft Corporation) C:\Windows\System32\scrobj.dll
    2017-12-12 10:40 - 2017-12-07 14:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
    2017-12-12 10:40 - 2017-12-07 14:05 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
    2017-12-12 10:40 - 2017-12-07 14:04 - 003678208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-12-12 10:40 - 2017-12-07 14:04 - 001498112 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
    2017-12-12 10:40 - 2017-12-07 14:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
    2017-12-12 10:40 - 2017-12-07 14:04 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 002467840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000841728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000403968 _____ (Microsoft Corporation) C:\Windows\System32\WpAXHolder.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000308736 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2017-12-12 10:40 - 2017-12-07 14:03 - 000085504 _____ (Microsoft Corporation) C:\Windows\System32\hascsp.dll
    2017-12-12 10:40 - 2017-12-07 14:02 - 007545344 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
    2017-12-12 10:40 - 2017-12-07 14:02 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
    2017-12-12 10:40 - 2017-12-07 14:02 - 002117632 _____ (Microsoft Corporation) C:\Windows\System32\pnidui.dll
    2017-12-12 10:40 - 2017-12-07 14:02 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
    2017-12-12 10:40 - 2017-12-07 14:02 - 000813056 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
    2017-12-12 10:40 - 2017-12-07 14:02 - 000496640 _____ (Microsoft Corporation) C:\Windows\System32\sppcext.dll
    2017-12-12 10:40 - 2017-12-07 14:01 - 008097280 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
    2017-12-12 10:40 - 2017-12-07 14:01 - 004592640 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll
    2017-12-12 10:40 - 2017-12-07 14:01 - 001980928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2017-12-12 10:40 - 2017-12-07 14:01 - 000601088 _____ (Microsoft Corporation) C:\Windows\System32\ipnathlp.dll
    2017-12-12 10:40 - 2017-12-07 14:01 - 000021504 _____ (Microsoft Corporation) C:\Windows\System32\slcext.dll
    2017-12-12 10:40 - 2017-12-07 14:00 - 004740608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2017-12-12 10:40 - 2017-12-07 14:00 - 002862080 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
    2017-12-12 10:40 - 2017-12-07 14:00 - 001509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
    2017-12-12 10:40 - 2017-12-07 13:59 - 003121664 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2017-12-12 10:40 - 2017-12-07 13:59 - 002105856 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
    2017-12-12 10:40 - 2017-12-07 13:59 - 001666048 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll
    2017-12-12 10:40 - 2017-12-07 13:59 - 001058304 _____ (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
    2017-12-12 10:40 - 2017-12-07 13:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2017-12-12 10:40 - 2017-12-07 13:58 - 003478016 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll
    2017-12-12 10:40 - 2017-12-07 13:58 - 003211776 _____ (Microsoft Corporation) C:\Windows\System32\NetworkMobileSettings.dll
    2017-12-12 10:40 - 2017-12-07 13:58 - 001547264 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2017-12-12 10:40 - 2017-12-07 13:58 - 001353728 _____ (Microsoft Corporation) C:\Windows\System32\usercpl.dll
    2017-12-12 10:40 - 2017-12-07 13:58 - 000812032 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2017-12-12 10:40 - 2017-12-07 13:57 - 001822208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2017-12-12 10:40 - 2017-12-07 13:57 - 001487872 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2017-12-12 10:40 - 2017-12-07 13:56 - 002666496 _____ (Microsoft Corporation) C:\Windows\System32\storagewmi.dll
    2017-12-12 10:40 - 2017-12-07 13:56 - 001739264 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
    2017-12-12 10:40 - 2017-12-07 13:56 - 000685056 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
    2017-12-12 10:40 - 2017-12-07 13:54 - 002510336 _____ (Microsoft Corporation) C:\Windows\System32\ResetEngine.dll
    2017-12-12 10:40 - 2017-12-07 13:54 - 001570816 _____ (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
    2017-12-12 10:40 - 2017-12-07 13:54 - 001160704 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
    2017-12-12 08:19 - 2017-12-12 01:43 - 000135183 _____ C:\Users\jbcon\Desktop\boot manager screen.pdf
    2017-12-12 08:19 - 2017-12-10 20:24 - 000000735 _____ C:\Users\jbcon\Desktop\Windows 10 Update Assistant.lnk
    2017-12-12 08:19 - 2017-11-16 08:24 - 000431306 _____ C:\Users\jbcon\Desktop\Analytics__A_Powerful_Tool_for_the_Life_Insurance_Industry.pdf
    2017-12-12 08:19 - 2017-11-14 11:22 - 000284471 _____ C:\Users\jbcon\Desktop\JBCW2-2016.pdf
    2017-12-12 08:19 - 2017-11-14 11:04 - 000221170 _____ C:\Users\jbcon\Desktop\JBCW2-2015.pdf
    2017-12-12 08:19 - 2017-11-14 10:50 - 000102670 _____ C:\Users\jbcon\Desktop\paystub_10182017.pdf
    2017-12-12 08:19 - 2017-11-04 21:25 - 000995013 _____ C:\Users\jbcon\Desktop\Account Development Plan Template.pptx
    2017-12-12 08:19 - 2017-11-02 14:06 - 003827461 _____ C:\Users\jbcon\Desktop\Neal Analytics Overview May 17 2017.pptx
    2017-12-12 08:19 - 2017-11-01 03:00 - 000799778 _____ C:\Users\jbcon\Desktop\Sales Approach and GTM Ins Strategy-Infobeans.pptx
    2017-12-12 08:19 - 2017-10-31 18:47 - 000436224 _____ C:\Users\jbcon\Desktop\JBC InsCarrier List.xls
    2017-12-12 08:19 - 2017-10-08 18:49 - 009466005 _____ C:\Users\jbcon\Desktop\Fractal Analytics - MunichRe Wkshp_v1jbc.pptx
    2017-12-12 08:19 - 2017-10-06 01:57 - 005512167 _____ C:\Users\jbcon\Desktop\Claims Analytics-Fractal.pptx
    2017-12-12 08:18 - 2017-12-18 11:04 - 000000000 ____D C:\Users\jbcon\Desktop\Essentials
    2017-12-12 08:18 - 2017-12-17 04:01 - 000000000 ____D C:\Users\jbcon\Desktop\Adobe Acrobat
    2017-12-12 08:18 - 2017-12-12 21:13 - 000000000 ____D C:\Users\jbcon\Desktop\Receipts
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\SOE
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\SG Analytics
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Sales
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Roadmap
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Paystubs
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Infobeans
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\HLS
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Haiti Docs
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Delta
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Ballman
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\Adobe Acrobat Pro DC 2017.012.20098 + Patch [CracksNow]
    2017-12-12 08:18 - 2017-12-12 08:19 - 000000000 ____D C:\Users\jbcon\Desktop\2017 PortfolioRes
    2017-12-12 08:18 - 2017-12-12 08:18 - 000000000 ____D C:\Users\jbcon\Desktop\Altar Server Schedule
    2017-12-12 04:53 - 2017-12-12 04:53 - 000000000 ___HD C:\$Windows.~WS
    2017-12-12 04:53 - 2017-12-12 04:53 - 000000000 ____D C:\$WINDOWS.~BT
    2017-12-12 02:56 - 2017-12-12 02:56 - 018617536 _____ (Microsoft Corporation) C:\Users\jbcon\Downloads\MediaCreationTool.exe
    2017-12-12 02:00 - 2017-12-15 22:54 - 000000000 ____D C:\Users\jbcon\AppData\Local\CrashDumps
    2017-12-11 10:31 - 2017-12-11 10:31 - 000029381 _____ C:\Users\jbcon\Downloads\Fixlog.txt
    2017-12-11 02:56 - 2017-12-12 05:01 - 000000000 ____D C:\Windows\Panther
    2017-12-11 02:45 - 2017-12-18 17:49 - 000000554 __RSH C:\ProgramData\ntuser.pol
    2017-12-10 20:24 - 2017-12-10 20:24 - 000000000 ____D C:\Windows10Upgrade
    2017-12-10 11:58 - 2017-12-10 11:58 - 000012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2017-12-10 11:54 - 2017-12-10 11:54 - 000000000 ____D C:\Program Files\HitmanPro
    2017-12-10 11:44 - 2017-12-19 01:22 - 000364293 _____ C:\Windows\ZAM_Guard.krnl.trace
    2017-12-10 11:44 - 2017-12-12 03:48 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-12-10 11:44 - 2017-12-12 02:51 - 000092888 _____ C:\Windows\ZAM.krnl.trace
    2017-12-10 11:44 - 2017-12-10 11:44 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
    2017-12-10 11:43 - 2017-12-10 11:43 - 000000000 ____D C:\Users\jbcon\AppData\Local\Zemana
    2017-12-10 11:00 - 2017-12-17 09:56 - 000028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
    2017-12-10 10:59 - 2017-12-10 11:22 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-12-10 10:45 - 2017-12-10 11:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-12-09 23:56 - 2017-12-09 23:56 - 000037489 _____ C:\Users\jbcon\Downloads\Addition.txt
    2017-12-09 23:55 - 2017-12-09 23:56 - 000115050 _____ C:\Users\jbcon\Downloads\FRST.txt
    2017-12-09 20:08 - 2017-12-12 05:07 - 000000000 ____D C:\ESD
    2017-12-08 20:16 - 2017-12-09 13:06 - 000000000 ____D C:\Users\jbcon\Downloads\FRST-OlderVersion
    2017-12-08 19:47 - 2017-12-17 10:41 - 000000000 __SHD C:\Users\jbcon\IntelGraphicsProfiles
    2017-12-08 19:47 - 2017-12-08 19:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-12-08 19:47 - 2017-09-13 15:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2017-12-08 19:47 - 2017-09-13 15:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2017-12-08 19:47 - 2017-09-13 15:19 - 000927544 _____ C:\Windows\System32\vulkan-1.dll
    2017-12-08 19:47 - 2017-09-13 15:19 - 000591160 _____ C:\Windows\System32\vulkaninfo.exe
    2017-12-08 10:28 - 2017-12-08 10:28 - 000278016 _____ C:\Windows\System32\igfxCPL.cpl
    2017-12-08 04:18 - 2017-12-08 04:18 - 000000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2017-12-08 03:23 - 2017-12-08 03:23 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\Apple Computer
    2017-12-08 03:23 - 2017-12-08 03:23 - 000000000 ____D C:\Users\jbcon\AppData\Local\Apple Computer
    2017-12-08 02:51 - 2017-12-08 02:51 - 000000000 ____D C:\ProgramData\Apple Computer
    2017-12-08 02:48 - 2017-12-08 02:48 - 000000000 ____D C:\Windows\System32\Tasks\Apple
    2017-12-08 02:48 - 2017-12-08 02:48 - 000000000 ____D C:\Users\jbcon\AppData\Local\Apple
    2017-12-08 02:47 - 2017-12-08 02:48 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-12-08 02:46 - 2017-12-08 02:46 - 000000000 ____D C:\Program Files\Bonjour
    2017-12-08 02:46 - 2017-12-08 02:46 - 000000000 ____D C:\Program Files (x86)\Bonjour
    2017-12-08 02:44 - 2017-12-08 02:47 - 000000000 ____D C:\Program Files\Common Files\Apple
    2017-12-08 02:43 - 2017-12-08 02:47 - 000000000 ____D C:\ProgramData\Apple
    2017-12-08 02:30 - 2017-12-08 02:30 - 000000000 ____D C:\Users\jbcon\AppData\Local\MediaMonkey
    2017-12-08 02:29 - 2017-12-17 05:26 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\MediaMonkey
    2017-12-08 02:29 - 2017-12-08 02:29 - 000001126 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
    2017-12-08 02:29 - 2017-12-08 02:29 - 000000000 ____D C:\ProgramData\MediaMonkey
    2017-12-08 02:29 - 2017-12-08 02:29 - 000000000 ____D C:\Program Files (x86)\MediaMonkey
    2017-12-08 01:57 - 2017-12-08 01:57 - 004922400 _____ (AO Kaspersky Lab) C:\Users\jbcon\Downloads\tdsskiller.exe
    2017-12-08 01:29 - 2017-12-08 01:29 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2017-12-08 01:28 - 2017-12-08 01:28 - 000079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\lqubue.sys
    2017-12-08 01:19 - 2017-12-08 01:19 - 006705178 _____ C:\Users\jbcon\Downloads\mbam-chameleon-3.1.33.0.zip
    2017-12-08 01:10 - 2017-12-08 01:10 - 000021189 _____ C:\Users\jbcon\Downloads\JB Constant - References EXL.pdf
    2017-12-07 21:23 - 2017-12-16 19:36 - 000000000 ____D C:\FRST
    2017-12-07 21:23 - 2017-12-09 13:06 - 002390528 _____ (Farbar) C:\Users\jbcon\Downloads\FRST64.exe
    2017-12-07 21:14 - 2017-12-08 01:13 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-12-07 21:14 - 2017-12-07 21:14 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2017-12-07 21:13 - 2017-12-08 01:13 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-12-07 21:12 - 2017-12-07 21:13 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\jbcon\Downloads\spybotsd-2.6.46.exe
    2017-12-07 20:56 - 2017-12-07 20:56 - 005659763 _____ (Swearware) C:\Users\jbcon\Downloads\ComboFix (1).exe
    2017-12-07 20:37 - 2017-12-17 02:35 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-12-07 20:37 - 2017-12-07 20:37 - 083316440 _____ (Malwarebytes ) C:\Users\jbcon\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
    2017-12-07 20:30 - 2017-12-07 20:30 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jbcon\Downloads\rkill.exe
    2017-12-07 20:21 - 2017-12-07 20:21 - 000003424 _____ C:\Windows\System32\.crusader
    2017-12-07 20:19 - 2017-12-10 11:57 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
    2017-12-07 20:19 - 2017-12-10 11:53 - 000000000 ____D C:\ProgramData\HitmanPro
    2017-12-07 20:19 - 2017-12-07 20:19 - 011584088 _____ (SurfRight B.V.) C:\Users\jbcon\Downloads\hitmanpro_x64.exe
    2017-12-07 20:07 - 2017-12-07 20:07 - 008187336 _____ (Malwarebytes) C:\Users\jbcon\Downloads\adwcleaner_7.0.5.0.exe
    2017-12-07 19:53 - 2017-12-10 17:18 - 000000000 ____D C:\Users\jbcon\AppData\Local\pcasklm
    2017-12-07 19:48 - 2017-12-16 19:35 - 000000000 ____D C:\Users\jbcon\AppData\Local\igfxmtc
    2017-12-07 19:48 - 2017-12-16 19:35 - 000000000 ____D C:\Users\jbcon\AppData\Local\exntigs
    2017-12-07 19:47 - 2017-12-07 19:47 - 000000000 ____D C:\Windows\System32\Drivers\wd
    2017-12-07 19:47 - 2017-12-07 19:47 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\Macromedia
    2017-12-07 19:46 - 2017-12-16 16:31 - 002884096 _____ C:\Windows\System32\uphmswisvc.exe
    2017-12-07 19:46 - 2017-12-07 19:46 - 000000000 ____D C:\Windows\SysWOW64\rabsoez
    2017-12-07 19:46 - 2017-12-07 19:46 - 000000000 ____D C:\Windows\System32\rabsoez
    2017-12-07 19:46 - 2017-12-07 19:46 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\et
    2017-12-07 19:45 - 2017-12-07 19:45 - 000000020 _____ C:\Windows\b21689277
    2017-12-07 19:45 - 2017-12-07 19:45 - 000000000 ____D C:\Program Files (x86)\spendthrifts
    2017-12-07 19:09 - 2017-12-07 19:09 - 000120381 _____ C:\Users\jbcon\Downloads\paystub_JB Constant Nov17.pdf
    2017-12-07 19:07 - 2017-12-07 19:07 - 000119209 _____ C:\Users\jbcon\Downloads\paystub_JB Constant Oct17.pdf
    2017-12-07 12:03 - 2017-12-07 12:03 - 000102711 _____ C:\Users\jbcon\Downloads\paystub_10182017 (8).pdf
    2017-12-07 12:03 - 2017-12-07 12:03 - 000102670 _____ C:\Users\jbcon\Downloads\paystub_10182017 (9).pdf
    2017-12-07 11:54 - 2017-12-07 11:54 - 000102160 _____ C:\Users\jbcon\Downloads\paystub_06292017.pdf
    2017-12-07 11:42 - 2017-12-07 11:42 - 000039936 _____ C:\Users\jbcon\Downloads\Neal Analytics Expenses Reimb to JB Constant (2).xls
    2017-12-07 11:41 - 2017-12-07 11:41 - 001415390 _____ C:\Users\jbcon\Downloads\Expense Reimb Receipts-JB Constant (2).pdf
    2017-12-07 11:21 - 2017-12-07 11:21 - 000102711 _____ C:\Users\jbcon\Downloads\paystub_10182017 (6).pdf
    2017-12-07 11:21 - 2017-12-07 11:21 - 000102670 _____ C:\Users\jbcon\Downloads\paystub_10182017 (7).pdf
    2017-12-07 11:20 - 2017-12-07 11:20 - 000102670 _____ C:\Users\jbcon\Downloads\paystub_10182017 (5).pdf
    2017-12-07 11:07 - 2017-12-07 11:07 - 000102670 _____ C:\Users\jbcon\Downloads\paystub_10182017 (4).pdf
    2017-12-07 11:07 - 2017-12-07 11:07 - 000102196 _____ C:\Users\jbcon\Downloads\paystub_08312017.pdf
    2017-12-07 10:38 - 2017-12-07 10:38 - 000102196 _____ C:\Users\jbcon\Downloads\paystub_09292017 (1).pdf
    2017-12-07 10:37 - 2017-12-07 10:37 - 000102670 _____ C:\Users\jbcon\Downloads\paystub_10182017 (3).pdf
    2017-12-07 07:16 - 2017-12-07 07:16 - 004023234 _____ C:\Users\jbcon\Downloads\New Patient Packet.pdf
    2017-12-07 05:11 - 2017-12-07 05:11 - 000037158 _____ C:\Windows\uninstaller.dat
    2017-12-06 11:09 - 2017-11-26 05:47 - 001053592 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
    2017-12-06 11:09 - 2017-11-26 05:41 - 000285080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
    2017-12-06 11:09 - 2017-11-26 05:38 - 001636376 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
    2017-12-06 11:09 - 2017-11-26 05:33 - 002395032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2017-12-06 11:09 - 2017-11-26 05:32 - 000373656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
    2017-12-06 11:09 - 2017-11-26 05:31 - 000187288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
    2017-12-06 11:09 - 2017-11-26 05:29 - 002573208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2017-12-06 11:09 - 2017-11-26 05:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
    2017-12-06 11:09 - 2017-11-26 04:55 - 000329728 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
    2017-12-06 11:09 - 2017-11-26 04:31 - 000529408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
    2017-12-06 11:09 - 2017-11-26 04:17 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2017-12-06 11:09 - 2017-11-26 04:05 - 000462336 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
    2017-12-06 11:09 - 2017-11-26 04:03 - 002783744 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2017-12-06 11:09 - 2017-11-26 03:59 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2017-12-06 11:09 - 2017-11-26 03:21 - 001432816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
    2017-12-06 11:09 - 2017-11-26 02:29 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-12-06 11:08 - 2017-11-26 12:35 - 017084416 _____ (Microsoft Corporation) C:\Windows\System32\HologramCompositor.dll
    2017-12-06 11:08 - 2017-11-26 12:32 - 021754368 _____ (Microsoft Corporation) C:\Windows\System32\Hydrogen.dll
    2017-12-06 11:08 - 2017-11-26 12:15 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Mirage.Internal.dll
    2017-12-06 11:08 - 2017-11-26 08:43 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
    2017-12-06 11:08 - 2017-11-26 05:48 - 001200536 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
    2017-12-06 11:08 - 2017-11-26 05:45 - 001642520 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
    2017-12-06 11:08 - 2017-11-26 05:45 - 000319352 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2017-12-06 11:08 - 2017-11-26 05:45 - 000264040 _____ (Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
    2017-12-06 11:08 - 2017-11-26 05:45 - 000198888 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
    2017-12-06 11:08 - 2017-11-26 05:37 - 001277848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2017-12-06 11:08 - 2017-11-26 05:35 - 001090440 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2017-12-06 11:08 - 2017-11-26 05:35 - 000924136 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2017-12-06 11:08 - 2017-11-26 05:33 - 001208184 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
    2017-12-06 11:08 - 2017-11-26 05:33 - 000471960 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
    2017-12-06 11:08 - 2017-11-26 05:33 - 000398744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
    2017-12-06 11:08 - 2017-11-26 05:32 - 000082840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
    2017-12-06 11:08 - 2017-11-26 05:30 - 001488792 _____ (Microsoft Corporation) C:\Windows\System32\ContentDeliveryManager.Utilities.dll
    2017-12-06 11:08 - 2017-11-26 05:29 - 003010720 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2017-12-06 11:08 - 2017-11-26 05:29 - 000891800 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    2017-12-06 11:08 - 2017-11-26 05:29 - 000840440 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Perception.Stub.dll
    2017-12-06 11:08 - 2017-11-26 05:29 - 000749976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
    2017-12-06 11:08 - 2017-11-26 05:29 - 000703536 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2017-12-06 11:08 - 2017-11-26 05:29 - 000436120 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHostCommon.dll
    2017-12-06 11:08 - 2017-11-26 05:28 - 001259344 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
    2017-12-06 11:08 - 2017-11-26 05:28 - 001012120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Services.TargetedContent.dll
    2017-12-06 11:08 - 2017-11-26 05:28 - 000713624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
    2017-12-06 11:08 - 2017-11-26 05:28 - 000495000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2017-12-06 11:08 - 2017-11-26 05:28 - 000149400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
    2017-12-06 11:08 - 2017-11-26 05:27 - 002446744 _____ (Microsoft Corporation) C:\Windows\System32\UpdateAgent.dll
    2017-12-06 11:08 - 2017-11-26 05:27 - 002412168 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2017-12-06 11:08 - 2017-11-26 05:27 - 001413760 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
    2017-12-06 11:08 - 2017-11-26 05:27 - 000464408 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
    2017-12-06 11:08 - 2017-11-26 05:27 - 000230296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2017-12-06 11:08 - 2017-11-26 05:26 - 000048112 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2017-12-06 11:08 - 2017-11-26 05:25 - 000902416 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2017-12-06 11:08 - 2017-11-26 05:23 - 001694224 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
    2017-12-06 11:08 - 2017-11-26 05:23 - 001054280 _____ (Microsoft Corporation) C:\Windows\System32\msvproc.dll
    2017-12-06 11:08 - 2017-11-26 05:23 - 000754688 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
    2017-12-06 11:08 - 2017-11-26 05:22 - 000404888 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 002220952 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntSubsystems64.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 001778584 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntVirtualization.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 001628056 _____ (Microsoft Corporation) C:\Windows\System32\AppVIntegration.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 001585376 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 001420696 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntSubsystemController.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 000831384 _____ (Microsoft Corporation) C:\Windows\System32\AppVOrchestration.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 000819096 _____ (Microsoft Corporation) C:\Windows\System32\AppVClient.exe
    2017-12-06 11:08 - 2017-11-26 05:21 - 000813976 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntStreamingManager.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 000744856 _____ (Microsoft Corporation) C:\Windows\System32\AppVReporting.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 000669592 _____ (Microsoft Corporation) C:\Windows\System32\AppVCatalog.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 000654048 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
    2017-12-06 11:08 - 2017-11-26 05:21 - 000645528 _____ (Microsoft Corporation) C:\Windows\System32\AppVPublishing.dll
    2017-12-06 11:08 - 2017-11-26 05:20 - 000615768 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
    2017-12-06 11:08 - 2017-11-26 05:20 - 000519152 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
    2017-12-06 11:08 - 2017-11-26 04:57 - 001664000 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
    2017-12-06 11:08 - 2017-11-26 04:55 - 001289216 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
    2017-12-06 11:08 - 2017-11-26 04:55 - 000301056 _____ (Microsoft Corporation) C:\Windows\System32\AcLayers.dll
    2017-12-06 11:08 - 2017-11-26 04:55 - 000211456 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
    2017-12-06 11:08 - 2017-11-26 04:55 - 000175104 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
    2017-12-06 11:08 - 2017-11-26 04:55 - 000084992 _____ (Microsoft Corporation) C:\Windows\System32\DeviceUpdateAgent.dll
    2017-12-06 11:08 - 2017-11-26 04:54 - 000327680 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
    2017-12-06 11:08 - 2017-11-26 04:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\usoapi.dll
    2017-12-06 11:08 - 2017-11-26 04:48 - 012829696 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2017-12-06 11:08 - 2017-11-26 04:47 - 002890240 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
    2017-12-06 11:08 - 2017-11-26 04:43 - 000239104 _____ (Microsoft Corporation) C:\Windows\System32\smartscreenps.dll
    2017-12-06 11:08 - 2017-11-26 04:36 - 000204288 _____ (Microsoft Corporation) C:\Windows\System32\provisioningcsp.dll
    2017-12-06 11:08 - 2017-11-26 04:36 - 000169472 _____ (Microsoft Corporation) C:\Windows\System32\wuuhosdeployment.dll
    2017-12-06 11:08 - 2017-11-26 04:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_SIUF.dll
    2017-12-06 11:08 - 2017-11-26 04:36 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
    2017-12-06 11:08 - 2017-11-26 04:35 - 000170496 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_ContentDeliveryManager.dll
    2017-12-06 11:08 - 2017-11-26 04:35 - 000057856 _____ (Microsoft Corporation) C:\Windows\System32\wuautoappupdate.dll
    2017-12-06 11:08 - 2017-11-26 04:34 - 000126464 _____ (Microsoft Corporation) C:\Windows\System32\cryptcatsvc.dll
    2017-12-06 11:08 - 2017-11-26 04:33 - 000361984 _____ (Microsoft Corporation) C:\Windows\System32\SpatializerApo.dll
    2017-12-06 11:08 - 2017-11-26 04:31 - 001495040 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
    2017-12-06 11:08 - 2017-11-26 04:31 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
    2017-12-06 11:08 - 2017-11-26 04:31 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\provtool.exe
    2017-12-06 11:08 - 2017-11-26 04:29 - 000474112 _____ (Microsoft Corporation) C:\Windows\System32\DictationManager.dll
    2017-12-06 11:08 - 2017-11-26 04:29 - 000432640 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
    2017-12-06 11:08 - 2017-11-26 04:29 - 000424960 _____ (Microsoft Corporation) C:\Windows\System32\provhandlers.dll
    2017-12-06 11:08 - 2017-11-26 04:29 - 000238080 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupManager.dll
    2017-12-06 11:08 - 2017-11-26 04:28 - 000394752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
    2017-12-06 11:08 - 2017-11-26 04:26 - 000830464 _____ (Microsoft Corporation) C:\Windows\System32\d3d9on12.dll
    2017-12-06 11:08 - 2017-11-26 04:26 - 000770048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdiWiFi.sys
    2017-12-06 11:08 - 2017-11-26 04:26 - 000432640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
    2017-12-06 11:08 - 2017-11-26 04:25 - 001425408 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettings.Handlers.dll
    2017-12-06 11:08 - 2017-11-26 04:25 - 000516096 _____ (Microsoft Corporation) C:\Windows\System32\ActivationManager.dll
    2017-12-06 11:08 - 2017-11-26 04:25 - 000354304 _____ (Microsoft Corporation) C:\Windows\System32\WwaApi.dll
    2017-12-06 11:08 - 2017-11-26 04:25 - 000292864 _____ (Microsoft Corporation) C:\Windows\System32\ExecModelClient.dll
    2017-12-06 11:08 - 2017-11-26 04:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\System32\SIHClient.exe
    2017-12-06 11:08 - 2017-11-26 04:23 - 000588288 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
    2017-12-06 11:08 - 2017-11-26 04:22 - 000720896 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
    2017-12-06 11:08 - 2017-11-26 04:19 - 001167360 _____ (Microsoft Corporation) C:\Windows\System32\ISM.dll
    2017-12-06 11:08 - 2017-11-26 04:19 - 000887296 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
    2017-12-06 11:08 - 2017-11-26 04:19 - 000059392 _____ (Microsoft Corporation) C:\Windows\System32\aadjcsp.dll
    2017-12-06 11:08 - 2017-11-26 04:18 - 003186688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.CloudStore.dll
    2017-12-06 11:08 - 2017-11-26 04:18 - 001424896 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2017-12-06 11:08 - 2017-11-26 04:18 - 000556544 _____ (Microsoft Corporation) C:\Windows\System32\LockAppBroker.dll
    2017-12-06 11:08 - 2017-11-26 04:17 - 002208768 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
    2017-12-06 11:08 - 2017-11-26 04:17 - 001054720 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2017-12-06 11:08 - 2017-11-26 04:08 - 017159680 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
    2017-12-06 11:08 - 2017-11-26 04:04 - 003578368 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
    2017-12-06 11:08 - 2017-11-26 04:04 - 002596352 _____ (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    2017-12-06 11:08 - 2017-11-26 04:03 - 004772352 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
    2017-12-06 11:08 - 2017-11-26 04:01 - 003163648 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
    2017-12-06 11:08 - 2017-11-26 04:00 - 000899584 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
    2017-12-06 11:08 - 2017-11-26 03:59 - 004814848 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2017-12-06 11:08 - 2017-11-26 03:59 - 000259072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2017-12-06 11:08 - 2017-11-26 03:58 - 000151040 _____ (Microsoft Corporation) C:\Windows\System32\umpo.dll
    2017-12-06 11:08 - 2017-11-26 03:48 - 000534528 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll
    2017-12-06 11:08 - 2017-11-26 03:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\System32\acppage.dll
    2017-12-06 11:08 - 2017-11-26 03:21 - 001474680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
    2017-12-06 11:08 - 2017-11-26 03:02 - 001124760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
    2017-12-06 11:08 - 2017-11-26 03:01 - 002339296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2017-12-06 11:08 - 2017-11-26 03:01 - 000791960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    2017-12-06 11:08 - 2017-11-26 03:01 - 000746904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
    2017-12-06 11:08 - 2017-11-26 03:01 - 000590944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2017-12-06 11:08 - 2017-11-26 03:01 - 000506256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
    2017-12-06 11:08 - 2017-11-26 03:01 - 000354200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
    2017-12-06 11:08 - 2017-11-26 03:00 - 001990160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2017-12-06 11:08 - 2017-11-26 03:00 - 000353848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2017-12-06 11:08 - 2017-11-26 02:59 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2017-12-06 11:08 - 2017-11-26 02:58 - 001148216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2017-12-06 11:08 - 2017-11-26 02:58 - 001057824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
    2017-12-06 11:08 - 2017-11-26 02:57 - 001490840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
    2017-12-06 11:08 - 2017-11-26 02:51 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
    2017-12-06 11:08 - 2017-11-26 02:51 - 000661664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2017-12-06 11:08 - 2017-11-26 02:41 - 002393600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
    2017-12-06 11:08 - 2017-11-26 02:41 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2017-12-06 11:08 - 2017-11-26 02:41 - 000372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
    2017-12-06 11:08 - 2017-11-26 02:41 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2017-12-06 11:08 - 2017-11-26 02:41 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
    2017-12-06 11:08 - 2017-11-26 02:40 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
    2017-12-06 11:08 - 2017-11-26 02:38 - 000271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatializerApo.dll
    2017-12-06 11:08 - 2017-11-26 02:37 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
    2017-12-06 11:08 - 2017-11-26 02:36 - 013703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2017-12-06 11:08 - 2017-11-26 02:36 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
    2017-12-06 11:08 - 2017-11-26 02:36 - 000351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DictationManager.dll
    2017-12-06 11:08 - 2017-11-26 02:36 - 000315392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-12-06 11:08 - 2017-11-26 02:35 - 000557056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
    2017-12-06 11:08 - 2017-11-26 02:35 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
    2017-12-06 11:08 - 2017-11-26 02:35 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2017-12-06 11:08 - 2017-11-26 02:35 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExecModelClient.dll
    2017-12-06 11:08 - 2017-11-26 02:32 - 011923456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-12-06 11:08 - 2017-11-26 02:31 - 000660480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2017-12-06 11:08 - 2017-11-26 02:31 - 000456704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
    2017-12-06 11:08 - 2017-11-26 02:30 - 004385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-12-06 11:08 - 2017-11-26 02:30 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
    2017-12-06 11:08 - 2017-11-26 02:29 - 000823808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-12-06 11:08 - 2017-11-26 02:28 - 004249600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2017-12-06 11:08 - 2017-11-26 02:24 - 000614912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2017-12-06 11:08 - 2017-11-26 02:24 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
    2017-12-06 11:08 - 2017-11-18 23:35 - 003331520 _____ C:\Windows\System32\Windows.Mirage.dll
    2017-12-06 11:08 - 2017-11-18 18:20 - 002491112 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
    2017-12-05 10:07 - 2017-12-05 10:07 - 000452194 _____ C:\Users\jbcon\Downloads\JB Constant - Portfolioupde (2).pdf
    2017-12-05 10:01 - 2017-12-05 10:01 - 000202962 _____ C:\Users\jbcon\Downloads\Customer-Centric Selling - JBC Approach.pdf
    2017-12-05 08:55 - 2017-12-05 08:55 - 000202962 _____ C:\Users\jbcon\Downloads\Customer-Centric Selling - JBC Approach (2).pdf
    2017-12-05 06:06 - 2017-12-07 19:49 - 000000000 ____D C:\Users\jbcon\AppData\Local\NETGEARGenie
    2017-12-05 06:05 - 2017-12-05 06:05 - 046426448 _____ (NETGEAR Inc.) C:\Users\jbcon\Downloads\NETGEARGenie-install.exe
    2017-12-05 06:05 - 2017-12-05 06:05 - 000369168 _____ (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
    2017-12-05 06:05 - 2017-12-05 06:05 - 000281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
    2017-12-05 06:05 - 2017-12-05 06:05 - 000106000 _____ (CACE Technologies, Inc.) C:\Windows\System32\packet.dll
    2017-12-05 06:05 - 2017-12-05 06:05 - 000096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
    2017-12-05 06:05 - 2017-12-05 06:05 - 000035344 _____ (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
    2017-12-05 06:00 - 2017-12-05 06:00 - 014810874 _____ C:\Users\jbcon\Downloads\EX7300_EX6400-V1.0.1.60.zip
    2017-12-05 00:59 - 2017-12-05 00:59 - 000200902 _____ C:\Users\jbcon\Downloads\Designer Greens Banner Pix 2.pdf
    2017-12-05 00:58 - 2017-12-05 00:58 - 000213495 _____ C:\Users\jbcon\Downloads\Designer Greens Banner Pix 1.pdf
    2017-12-04 13:18 - 2017-12-04 13:18 - 000440866 _____ C:\Users\jbcon\Downloads\JB Constant - Portfolioupd.pdf
    2017-12-02 11:49 - 2017-12-02 11:49 - 001415390 _____ C:\Users\jbcon\Downloads\Expense Reimb Receipts-JB Constant (1).pdf
    2017-12-02 11:48 - 2017-12-02 11:48 - 000039936 _____ C:\Users\jbcon\Downloads\Neal Analytics Expenses Reimb to JB Constant (1).xls
    2017-12-02 09:24 - 2017-12-02 09:25 - 000791331 _____ C:\Users\jbcon\Downloads\Analytics Roadmap.pptx
    2017-12-01 11:10 - 2017-12-01 11:10 - 000039936 _____ C:\Users\jbcon\Downloads\Neal Analytics Expenses Reimb to JB Constant.xls
    2017-12-01 11:09 - 2017-12-01 11:09 - 001400513 _____ C:\Users\jbcon\Downloads\Expense Reimb Receipts-JB Constant.pdf
    2017-12-01 10:33 - 2017-12-01 10:33 - 000025763 _____ C:\Users\jbcon\Downloads\Bally Sequence of Events v5[1].xlsx
    2017-12-01 05:07 - 2017-12-01 05:07 - 001475249 _____ C:\Users\jbcon\Downloads\EXL Expense Receipts for Reimb -JB Constant (1).pdf
    2017-12-01 05:07 - 2017-12-01 05:07 - 000039936 _____ C:\Users\jbcon\Downloads\EXL Expenses Reimb to JB Constant (1).xls
    2017-12-01 05:06 - 2017-12-01 05:06 - 000039936 _____ C:\Users\jbcon\Downloads\EXL Expenses Reimb to JB Constant.xls
    2017-12-01 05:00 - 2017-12-01 05:00 - 000039936 _____ C:\Users\jbcon\Downloads\EXL Expenses Reimb to JB Constant.xls
    2017-12-01 04:59 - 2017-12-01 04:59 - 001475249 _____ C:\Users\jbcon\Downloads\EXL Expense Receipts for Reimb -JB Constant.pdf
    2017-12-01 03:58 - 2017-12-01 03:58 - 000235804 _____ C:\Users\jbcon\Downloads\receipt (1).pdf
    2017-12-01 02:02 - 2017-12-01 02:02 - 000039424 _____ C:\Users\jbcon\Downloads\Indegene Expenses Reimb to JB Constant.xls
    2017-11-30 21:33 - 2017-11-30 21:33 - 000067711 _____ C:\Users\jbcon\Downloads\FOLIODETE_20171130055055 (1).pdf
    2017-11-30 20:53 - 2017-11-30 20:53 - 000235804 _____ C:\Users\jbcon\Downloads\receipt.pdf
    2017-11-30 04:01 - 2017-11-30 04:01 - 000067711 _____ C:\Users\jbcon\Downloads\FOLIODETE_20171130055055.pdf
    2017-11-30 02:44 - 2017-11-30 02:44 - 000067829 _____ C:\Users\jbcon\Downloads\FOLIODETE_20171129005643.pdf
    2017-11-29 20:32 - 2017-11-29 20:32 - 000060634 _____ C:\Users\jbcon\Downloads\FOLIODETE_20171129071819.pdf
    2017-11-27 13:03 - 2017-11-27 13:03 - 000065096 _____ (Adobe Systems Inc) C:\Windows\System32\AdobePDF.dll
    2017-11-27 13:03 - 2017-11-27 13:03 - 000035912 _____ (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
    2017-11-27 04:54 - 2017-11-27 04:54 - 000202962 _____ C:\Users\jbcon\Downloads\Customer-Centric Selling - JBC Approach (1).pdf
    2017-11-27 04:25 - 2017-11-27 04:25 - 000202962 _____ C:\Users\jbcon\Downloads\Customer-Centric Selling - JBC Approach.pdf
    2017-11-27 04:07 - 2017-11-27 04:07 - 000440873 _____ C:\Users\jbcon\Downloads\JB Constant - Portfolioupde (1).pdf
    2017-11-26 18:59 - 2017-11-26 18:59 - 001546451 _____ C:\Users\jbcon\Downloads\Timbercreek High School Advertising Space SPECIAL (1).pdf
    2017-11-26 12:48 - 2017-11-26 12:48 - 000452194 _____ C:\Users\jbcon\Downloads\JB Constant - Portfolioupde.pdf
    2017-11-26 11:56 - 2017-11-26 11:56 - 005867715 _____ C:\Users\jbcon\Downloads\Exhibit A_Employment Agreement (1).pdf
    2017-11-26 11:41 - 2017-11-26 11:41 - 000995318 _____ C:\Users\jbcon\Downloads\Ltr to Donna Ballman (2).pdf
    2017-11-26 11:38 - 2017-11-26 11:38 - 000223962 _____ C:\Users\jbcon\Downloads\2017_11_22_Bernard-Constant_Ltr to Atty Ballman in response to her letter received 11-20-2017 (1).pdf
    2017-11-26 03:36 - 2017-11-26 03:36 - 000223962 _____ C:\Users\jbcon\Downloads\2017_11_22_Bernard-Constant_Ltr to Atty Ballman in response to her letter received 11-20-2017.pdf
    2017-11-23 08:13 - 2017-11-23 08:13 - 000012894 _____ C:\Users\jbcon\Downloads\Christmas 2017 (1).pdf
    2017-11-21 12:02 - 2017-12-14 06:17 - 000000000 ____D C:\Users\jbcon\AppData\LocalLow\WebEx
    2017-11-21 12:02 - 2017-12-14 06:17 - 000000000 ____D C:\ProgramData\WebEx
    2017-11-21 12:02 - 2017-11-21 12:44 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\webex
    2017-11-21 12:02 - 2017-11-21 12:02 - 000000000 __SHD C:\Users\jbcon\Documents\cache
    2017-11-21 12:02 - 2017-11-21 12:02 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\Mozilla
    2017-11-21 12:02 - 2017-11-21 12:02 - 000000000 ____D C:\Users\jbcon\AppData\Local\WebEx
    2017-11-21 12:01 - 2017-11-21 12:01 - 001063952 _____ (Cisco WebEx LLC) C:\Users\jbcon\Downloads\Cisco_WebEx_Add-On.exe
    2017-11-20 19:57 - 2017-11-20 19:57 - 000184768 _____ C:\Users\jbcon\Downloads\December 2017.pdf
    2017-11-20 19:57 - 2017-11-20 19:57 - 000012894 _____ C:\Users\jbcon\Downloads\Christmas 2017.pdf
    2017-11-20 19:51 - 2017-11-20 19:51 - 000036864 _____ C:\Users\jbcon\Downloads\December 2017.xls
    2017-11-20 15:47 - 2017-11-20 15:47 - 000493937 _____ C:\Users\jbcon\Downloads\Timbercreek High School Advertising Space SPECIAL.pdf
    2017-11-20 15:02 - 2017-11-20 15:02 - 000056553 _____ C:\Users\jbcon\Downloads\receipts (3).pdf
    2017-11-20 02:19 - 2017-11-20 02:19 - 000005918 _____ C:\Windows\System32\Drivers\RTAIODAT.DAT
    2017-11-20 02:18 - 2017-11-20 02:19 - 000378384 _____ (Dolby Laboratories) C:\Windows\System32\HiFiDAX2API.dll
    2017-11-20 02:18 - 2017-11-20 02:18 - 001159176 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOProp.dll
    2017-11-20 02:17 - 2017-11-20 02:17 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
    2017-11-20 02:16 - 2017-11-20 02:17 - 001347144 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
    2017-11-20 02:14 - 2017-11-20 02:16 - 003509200 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
    2017-11-20 02:12 - 2017-11-20 02:14 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
    2017-11-20 02:07 - 2017-11-20 02:08 - 000237656 _____ (Intel(R) Corporation) C:\Windows\System32\Drivers\IntcAudioBus.sys
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-12-19 01:22 - 2017-11-13 01:30 - 000000000 ____D C:\Users\jbcon\Documents\Outlook Files
    2017-12-19 01:22 - 2017-11-10 16:02 - 000000000 ____D C:\Users\jbcon\AppData\Local\ClassicShell
    2017-12-19 01:22 - 2017-11-10 12:36 - 000000000 ___RD C:\Users\jbcon\OneDrive
    2017-12-19 01:01 - 2017-11-12 12:10 - 000000000 ____D C:\Windows\System32\SleepStudy
    2017-12-18 21:31 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
    2017-12-18 21:30 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-12-18 21:30 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
    2017-12-18 20:29 - 2017-11-12 12:15 - 000004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5FF99640-E69E-4A94-8575-2F8B804B68B4}
    2017-12-18 11:37 - 2017-11-12 12:15 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1539859279-3168068175-3693021489-1001
    2017-12-18 11:17 - 2017-11-12 04:30 - 000000000 ____D C:\Users\jbcon\AppData\Local\ElevatedDiagnostics
    2017-12-18 11:17 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
    2017-12-18 08:49 - 2017-11-12 12:12 - 000000000 ____D C:\Users\jbcon\AppData\Local\Packages
    2017-12-18 08:43 - 2017-11-12 12:11 - 000000000 ____D C:\users\jbcon
    2017-12-17 10:45 - 2017-11-12 12:20 - 002783644 _____ C:\Windows\System32\PerfStringBackup.INI
    2017-12-17 10:41 - 2017-11-12 12:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-12-17 10:40 - 2017-11-10 15:06 - 000041448 _____ C:\Windows\System32\OV7251_FRONT.aiqd
    2017-12-17 10:40 - 2017-11-10 15:06 - 000041448 _____ C:\Windows\System32\OV5693_FRONT.aiqd
    2017-12-17 10:40 - 2017-09-29 00:45 - 000786432 _____ C:\Windows\System32\config\BBI
    2017-12-17 06:59 - 2017-11-12 12:10 - 000396560 _____ C:\Windows\System32\FNTCACHE.DAT
    2017-12-17 05:05 - 2017-11-12 05:02 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
    2017-12-17 05:03 - 2017-11-10 19:13 - 000000000 ____D C:\Users\jbcon\AppData\LocalLow\Adobe
    2017-12-17 04:11 - 2017-11-10 19:13 - 000000000 ____D C:\ProgramData\Adobe
    2017-12-17 04:03 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
    2017-12-17 03:49 - 2017-11-12 10:20 - 000000000 ____D C:\Windows\System32\appmgmt
    2017-12-16 16:30 - 2017-09-29 00:45 - 024641536 _____ C:\Windows\System32\config\HARDWARE
    2017-12-15 22:12 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
    2017-12-14 18:05 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-12-14 18:03 - 2017-06-19 17:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-12-13 04:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
    2017-12-13 03:46 - 2017-11-10 16:59 - 000000000 ___RD C:\Users\jbcon\3D Objects
    2017-12-13 03:46 - 2017-06-19 17:25 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-12-13 03:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
    2017-12-13 03:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
    2017-12-13 03:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\oobe
    2017-12-13 03:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser
    2017-12-13 03:45 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Dism
    2017-12-12 05:01 - 2017-11-12 12:15 - 000089518 _____ C:\Windows\diagwrn.xml
    2017-12-12 05:01 - 2017-11-12 12:15 - 000044417 _____ C:\Windows\diagerr.xml
    2017-12-11 02:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-12-11 02:45 - 2017-03-18 13:03 - 000000000 ___HD C:\Windows\System32\GroupPolicy
    2017-12-08 19:46 - 2017-10-21 23:09 - 000000000 ____D C:\Intel
    2017-12-08 13:22 - 2017-11-12 12:11 - 000144656 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
    2017-12-08 13:22 - 2017-09-29 06:42 - 000122008 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
    2017-12-08 13:22 - 2017-08-01 18:22 - 000144656 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll
    2017-12-08 13:22 - 2017-08-01 18:22 - 000122008 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
    2017-12-08 10:01 - 2017-07-31 20:39 - 000756652 _____ C:\Windows\System32\cp_resources.bin
    2017-12-08 02:17 - 2017-11-10 20:10 - 000206496 _____ (Intel Corporation) C:\Windows\System32\Drivers\TeeDriverW8x64.sys
    2017-12-08 01:28 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Help
    2017-12-07 20:11 - 2017-11-12 12:15 - 000000000 ____D C:\Windows\System32\Tasks\System
    2017-12-07 20:01 - 2017-11-10 15:06 - 000000000 ____D C:\Windows\Firmware
    2017-12-07 19:50 - 2017-11-11 09:53 - 000000000 ____D C:\Program Files (x86)\Beats by Dr. Dre
    2017-12-07 18:26 - 2017-11-10 12:48 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-12-06 12:35 - 2017-09-29 06:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2017-12-06 12:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
    2017-12-06 12:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinMetadata
    2017-12-06 12:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\ShellExperiences
    2017-12-06 12:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Provisioning
    2017-12-06 12:35 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Windows Defender
    2017-12-06 12:35 - 2017-09-29 05:46 - 000000000 ____D C:\PerfLogs
    2017-12-06 11:09 - 2017-09-29 05:42 - 001587200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2017-12-06 11:09 - 2017-09-29 05:41 - 001856000 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2017-12-06 11:09 - 2017-09-29 05:41 - 000139672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2017-12-06 11:09 - 2017-09-29 05:41 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2017-12-05 07:30 - 2017-11-10 12:34 - 000000000 ____D C:\Users\jbcon\AppData\Local\VirtualStore
    2017-12-03 14:38 - 2017-09-29 05:49 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-12-03 14:38 - 2017-09-29 05:49 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-30 03:07 - 2017-11-10 12:36 - 000000000 ____D C:\Users\jbcon\AppData\Local\Comms
    2017-11-26 04:32 - 2017-11-12 15:09 - 000000000 ____D C:\Windows.old
    2017-11-21 04:15 - 2017-11-10 15:09 - 000545440 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2017-11-20 15:41 - 2017-11-10 19:58 - 000000000 ____D C:\Users\jbcon\AppData\Roaming\Epson
    2017-11-20 02:18 - 2017-11-12 10:01 - 002444680 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOv201.dll
    2017-11-20 02:12 - 2017-11-12 10:01 - 003517496 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RltkAPO64.dll
    2017-11-20 02:11 - 2017-11-12 10:01 - 005911528 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
    2017-11-19 16:47 - 2017-11-10 15:08 - 000000000 ____D C:\Windows\System32\MRT
    2017-11-19 16:45 - 2017-11-10 15:08 - 127017032 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
    2017-11-19 16:45 - 2017-11-10 15:08 - 127017032 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
    Some files in TEMP:
    ====================
    2017-12-11 20:15 - 2017-12-11 20:15 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\14F0.tmp.exe
    2017-12-14 01:59 - 2017-12-14 01:59 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\1719.tmp.exe
    2017-12-11 20:40 - 2017-12-11 20:40 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\7BBD.tmp.exe
    2017-12-11 20:22 - 2017-12-11 20:22 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\830E.tmp.exe
    2017-12-11 20:16 - 2017-12-11 20:16 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\AAB7.tmp.exe
    2017-12-14 01:57 - 2017-12-14 01:57 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\B4FD.tmp.exe
    2017-12-11 02:24 - 2017-12-11 02:24 - 018617536 _____ (Microsoft Corporation) C:\Users\jbcon\AppData\Local\Temp\B90D.tmp.exe
    2017-12-14 02:00 - 2017-12-14 02:00 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\C078.tmp.exe
    2017-12-17 09:23 - 2017-10-24 20:37 - 001954048 _____ (Microsoft Corporation) C:\Users\jbcon\AppData\Local\Temp\dllnt_dump.dll
    2017-12-14 01:58 - 2017-12-14 01:58 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\EEB6.tmp.exe
    2017-12-11 20:16 - 2017-12-11 20:16 - 002392064 _____ (Farbar) C:\Users\jbcon\AppData\Local\Temp\F09A.tmp.exe
    2017-12-13 03:53 - 2017-12-13 03:53 - 083316440 _____ (Malwarebytes ) C:\Users\jbcon\AppData\Local\Temp\mb3-setup-1878.1878-3.3.1.2183 (1).exe
    2017-12-13 04:45 - 2017-12-13 04:01 - 083316440 _____ (Malwarebytes ) C:\Users\jbcon\AppData\Local\Temp\mbam-setup.exe
    ==================== Known DLLs (Whitelisted) =========================
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe
    [2017-12-12 10:40] - [2017-12-07 15:27] - 003903784 _____ (Microsoft Corporation) 2B41096DED5180E1FE733DFC652D1AFF
    C:\Windows\SysWOW64\explorer.exe
    [2017-12-12 10:40] - [2017-12-07 14:34] - 003484840 _____ (Microsoft Corporation) 3F7DFCC49334A83CF9CA1213A70CBC9E
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll
    [2017-12-12 10:40] - [2017-12-07 15:34] - 001634288 _____ (Microsoft Corporation) 0370364D4D8846B6CF316ABBB2EDB083
    C:\Windows\SysWOW64\User32.dll
    [2017-12-12 10:40] - [2017-12-07 14:56] - 001528904 _____ (Microsoft Corporation) 5D41A00F6ED104C9639D5CBF0D38A1D6
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2017-12-12 10:40] - [2017-12-07 15:12] - 000401304 _____ (Microsoft Corporation) 5B27846CF4B1C21AFB3A35A8336BA02F
    ==================== Association (Whitelisted) =============
    ==================== Restore Points =========================
    Restore point date: 2017-12-12 08:25
    Restore point date: 2017-12-15 22:12
    Restore point date: 2017-12-17 03:49
    Restore point date: 2017-12-18 21:30
    ==================== Memory info ===========================
    Percentage of memory in use: 6%
    Total physical RAM: 16309.11 MB
    Available physical RAM: 15291.11 MB
    Total Virtual: 16309.11 MB
    Available Virtual: 15329.79 MB
    ==================== Drives ================================
    Drive c: (Local Disk) (Fixed) (Total:475.69 GB) (Free:400.41 GB) NTFS
    Drive d: () (Removable) (Total:31.99 GB) (Free:31.99 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 476.9 GB) (Disk ID: F6FAD0E3)
    Partition: GPT.
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 115.7 GB) (Disk ID: 5757ED1D)
    Partition 1: (Not Active) - (Size=32 GB) - (Type=0C)
    LastRegBack: 2017-12-12 14:42
    ==================== End of FRST.txt ============================

    Please advise of next steps for full cleaning of this machine.
    Thanks.
     
    Last edited: Dec 19, 2017
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security
