Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

What once was, is again.... [Closed]

Started by Leefpile , Apr 30 2016 01:54 AM

This topic is locked

#1
Leefpile

Posted 30 April 2016 - 01:54 AM

New Member

Member
8 posts

I had been having issues with my laptop for a long time, and decided to build a desktop to move my files and programs to. We build it out, it's running great, getting my programming for work done quickly, but then things start to bog down over time, the desktop is now infected also. After digging into both machines it turns out that my Google account was infected and by logging in it would continuously infect whatever PC... from add-on's?... from extensions? I don't know...

I've been trying to get FRST, ADWCleaner, MBAM, GMER, MBAR, HJT, fileASSASSIN, JRT, rkill, etc. (and I suppose Windows Defender as well) to clean up this machine, to minimal luck..

I have dug through pages of scripts in Chrome, IE and Edge to try and track things down, with screenshots and copied code...

I have tried to pinpoint apps that have been infected, with plenty of thoughts available....

I've got TONS logs from most of them. I just redownloaded FRST and ran it in Safe Mode w/ Net (w/o optionals), and normal (w/ optionals) to get some variables to generate.

I'm at the point where I've spent weeks trying to do this on my own, had minimal to no luck and could use some help, please.

Sooooo... where should we start?

#2
Essexboy

Posted 30 April 2016 - 05:12 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi could you post the normal run FRST logs please

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

#3
Leefpile

Posted 02 May 2016 - 02:15 AM

New Member

Topic Starter
Member
8 posts

I wonder who the two guests are that are viewing this currently...

#4
Leefpile

Posted 02 May 2016 - 02:15 AM

New Member

Topic Starter
Member
8 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
Ran by AE Office (administrator) on DESKTOP-5CPLEM7 (02-05-2016 01:11:55)
Running from C:\Users\AE Office\Desktop
Loaded Profiles: AE Office (Available Profiles: AE Office)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(D-Tools, Inc.) C:\Program Files (x86)\D-Tools\SIX\Server\SIServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.DTOOLSSIX\MSSQL\Binn\sqlservr.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Sysinternals - www.sysinternals.com) C:\Users\AE Office\Downloads\ProcessExplorer\procexp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Sysinternals - www.sysinternals.com) C:\Windows\Temp\PROCEXP64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-15] (Realtek Semiconductor)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{3e33ef35-955b-4415-bda0-3542425f741a}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-712566120-1319213845-3578928782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
Handler: mk - i3|'eajo8tds)n#mkq/ti/!+zuV_+zskq - No File

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [621472 2016-03-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-27] (Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2016-03-22] (Intel Corporation)
S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 MSSQL$DTOOLSSIX; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.DTOOLSSIX\MSSQL\Binn\sqlservr.exe [160768 2012-12-29] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242720 2016-04-02] (Microsoft Corporation) [File not signed]
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [89368 2016-04-13] (Reason Software Company Inc.)
R2 SIServices.exe; C:\Program Files (x86)\D-Tools\SIX\Server\SIServices.exe [53096 2016-03-22] (D-Tools, Inc.)
S4 SQLAgent$DTOOLSSIX; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.DTOOLSSIX\MSSQL\Binn\SQLAGENT.EXE [448488 2012-12-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [83768 2016-01-23] (Windows ® Win 7 DDK provider)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281400 2016-01-23] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e24w10x64.sys [158264 2015-09-10] (Qualcomm Atheros, Inc.)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [204032 2016-01-19] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 ipadtst; \??\C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 01:11 - 2016-05-02 01:12 - 00011440 _____ C:\Users\AE Office\Desktop\FRST.txt
2016-05-02 00:39 - 2016-05-02 00:39 - 00062338 _____ C:\Users\AE Office\Desktop\OlderVersionSafeNetUserFRST.txt
2016-05-02 00:39 - 2016-05-02 00:39 - 00026203 _____ C:\Users\AE Office\Desktop\OlderVersionSafeNetUserAddition.txt
2016-05-02 00:21 - 2016-05-02 00:21 - 00000032 _____ C:\Users\AE Office\Desktop\Whaaaaat.txt
2016-05-01 23:20 - 2016-05-02 00:36 - 00000000 ____D C:\Users\AE Office\Desktop\FRST-OlderVersion
2016-05-01 23:19 - 2016-05-01 23:20 - 00001590 _____ C:\Users\AE Office\Desktop\IECrashAfterTextReset.txt
2016-04-30 00:38 - 2016-05-02 00:43 - 00062700 _____ C:\Users\AE Office\Desktop\5Addition (2).txt
2016-04-30 00:38 - 2016-05-02 00:42 - 00062413 _____ C:\Users\AE Office\Desktop\3FRST.txt
2016-04-30 00:38 - 2016-04-30 00:39 - 00029028 _____ C:\Users\AE Office\Desktop\Shortcut.txt
2016-04-30 00:32 - 2016-05-02 00:43 - 00026167 _____ C:\Users\AE Office\Desktop\5Addition (1).txt
2016-04-30 00:32 - 2016-04-30 00:39 - 00025274 _____ C:\Users\AE Office\Desktop\3Addition.txt
2016-04-30 00:32 - 2016-04-30 00:32 - 00025274 _____ C:\Users\AE Office\Desktop\Additio2n.txt
2016-04-30 00:31 - 2016-04-30 00:38 - 00181858 _____ C:\Users\AE Office\Desktop\FRS2T.txt
2016-04-30 00:23 - 2016-04-30 00:23 - 02376704 _____ (Farbar) C:\Users\AE Office\Downloads\FRST64 (2).exe
2016-04-30 00:22 - 2016-04-30 00:22 - 02376704 _____ (Farbar) C:\Users\AE Office\Downloads\FRST64 (1).exe
2016-04-30 00:19 - 2016-04-30 00:19 - 02376704 _____ (Farbar) C:\Users\AE Office\Downloads\FRST64.exe
2016-04-29 23:35 - 2016-04-29 23:35 - 00023191 _____ C:\Users\AE Office\Desktop\Additio1n.txt
2016-04-29 23:34 - 2016-04-29 23:35 - 00061344 _____ C:\Users\AE Office\Desktop\FRS1T.txt
2016-04-29 23:33 - 2016-05-01 23:20 - 02377216 _____ (Farbar) C:\Users\AE Office\Desktop\FRST64.exe
2016-04-29 21:11 - 2016-04-29 21:11 - 00000000 ____D C:\WINDOWS\Downloaded Program Files
2016-04-29 21:02 - 2016-04-29 21:02 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-29 20:59 - 2016-04-29 20:59 - 00003418 _____ C:\WINDOWS\System32\Tasks\Process Explorer-DESKTOP-5CPLEM7-AE Office
2016-04-29 20:59 - 2016-04-29 20:59 - 00000000 ____D C:\Users\AE Office\Downloads\ProcessExplorer
2016-04-29 20:58 - 2016-04-29 20:58 - 01270466 _____ C:\Users\AE Office\Downloads\ProcessExplorer.zip
2016-04-29 00:37 - 2016-04-29 00:37 - 00185300 _____ C:\WINDOWS\Minidump\042916-4125-01.dmp
2016-04-28 17:20 - 2016-04-28 17:20 - 00793425 _____ C:\Users\AE Office\Downloads\screen.pdf
2016-04-28 16:50 - 2016-04-28 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-28 16:48 - 2016-04-28 16:49 - 71459224 _____ (Dropbox, Inc.) C:\Users\AE Office\Downloads\Dropbox 3.18.1 Offline Installer.exe
2016-04-28 01:24 - 2016-04-28 01:25 - 00024064 __RSH C:\Users\AE Office\Desktop\Thumbs.db
2016-04-27 22:25 - 2016-04-27 22:25 - 00113711 _____ C:\Users\AE Office\Downloads\cports-x64 (1).zip
2016-04-27 22:25 - 2016-04-27 22:25 - 00087612 _____ C:\Users\AE Office\Downloads\cports.zip
2016-04-27 22:22 - 2016-04-27 22:22 - 00113711 _____ C:\Users\AE Office\Downloads\cports-x64.zip
2016-04-27 22:22 - 2016-04-27 22:22 - 00000000 ____D C:\Users\AE Office\Downloads\cports-x64
2016-04-27 21:40 - 2016-04-27 21:46 - 02725330 _____ C:\Users\AE Office\Downloads\618729-Rev C_selected-pages.pdf
2016-04-27 20:48 - 2016-04-27 20:49 - 32289791 _____ C:\Users\AE Office\Downloads\618729-rev-c.pdf
2016-04-27 13:54 - 2016-04-27 13:54 - 07092224 _____ (Remote Technologies Inc.) C:\Users\AE Office\Downloads\Automated Environments' KX7 Preview.exe
2016-04-27 13:52 - 2016-04-27 13:53 - 00690072 _____ (Dropbox, Inc.) C:\Users\AE Office\Downloads\DropboxInstaller (2).exe
2016-04-27 11:07 - 2016-04-27 11:07 - 00354108 _____ C:\Users\AE Office\Desktop\13609491381_rcvm234_2016042115121700.wav
2016-04-26 01:13 - 2016-04-26 01:25 - 00003646 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2016-04-26 01:13 - 2016-04-26 01:13 - 00003518 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2016-04-26 01:13 - 2016-04-26 01:13 - 00000000 ____D C:\ProgramData\Reason
2016-04-26 01:13 - 2016-04-26 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-04-26 01:12 - 2016-04-26 01:12 - 00000000 ____D C:\Program Files\Reason
2016-04-26 01:11 - 2016-04-26 01:12 - 03919376 _____ (Reason Software Company Inc.) C:\Users\AE Office\Downloads\reason-core-security-setup (1).exe
2016-04-26 01:09 - 2016-04-26 01:11 - 03919376 _____ (Reason Software Company Inc.) C:\Users\AE Office\Downloads\reason-core-security-setup.exe
2016-04-25 21:28 - 2016-04-25 21:28 - 00000278 _____ C:\Users\AE Office\Downloads\Svo_43716_TimeEntries.csv
2016-04-25 02:41 - 2016-04-25 02:42 - 05198336 _____ (AVAST Software) C:\Users\AE Office\Downloads\aswMBR.exe
2016-04-25 02:16 - 2016-04-25 02:16 - 00003175 _____ C:\Users\AE Office\Downloads\startuplist.txt
2016-04-25 01:43 - 2016-04-29 21:59 - 00000000 ____D C:\Users\AE Office\Downloads\backups
2016-04-25 01:39 - 2016-04-25 01:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\AE Office\Downloads\HijackThis.exe
2016-04-24 11:25 - 2016-04-24 11:25 - 00000000 ____D C:\Program Files (x86)\MSI
2016-04-24 11:24 - 2016-04-24 11:24 - 00000000 ____D C:\Users\AE
2016-04-24 10:53 - 2016-04-24 10:54 - 00690072 _____ (Dropbox, Inc.) C:\Users\AE Office\Downloads\DropboxInstaller (1).exe
2016-04-23 09:46 - 2016-05-01 22:15 - 00000000 ___RD C:\Users\AE Office\Documents\Scanned Documents
2016-04-23 09:46 - 2016-04-23 09:46 - 00000000 ____D C:\Users\AE Office\Documents\Fax
2016-04-21 22:03 - 2016-04-21 22:03 - 01610352 _____ (Malwarebytes) C:\Users\AE Office\Downloads\JRT.exe
2016-04-21 21:51 - 2016-04-21 21:51 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-04-21 21:15 - 2016-04-21 21:15 - 03683904 _____ C:\Users\AE Office\Downloads\adwcleaner_5.112.exe
2016-04-21 21:08 - 2016-04-28 23:48 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-21 21:07 - 2016-04-21 21:07 - 22851472 _____ (Malwarebytes ) C:\Users\AE Office\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-20 21:15 - 2016-04-20 21:15 - 00000000 _____ C:\WINDOWS\BRPARAM.INI
2016-04-15 02:18 - 2016-05-01 22:13 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-15 02:18 - 2016-04-15 02:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-04-15 02:18 - 2016-04-15 02:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-04-15 02:14 - 2016-04-21 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-15 02:14 - 2016-04-21 21:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-15 02:14 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-15 02:14 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-15 00:21 - 2016-04-15 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2016-04-15 00:21 - 2016-04-15 00:21 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2016-04-14 03:05 - 2016-04-14 03:06 - 93751896 _____ (Kaspersky Lab ZAO) C:\Users\AE Office\Downloads\KVRT.exe
2016-04-14 01:49 - 2016-04-14 01:49 - 00015237 _____ C:\Users\AE Office\Downloads\transcript (8).txt
2016-04-14 01:10 - 2016-04-14 01:10 - 00015237 _____ C:\Users\AE Office\Downloads\transcript (7).txt
2016-04-14 01:00 - 2016-04-14 01:00 - 00014308 _____ C:\Users\AE Office\Downloads\transcript (6).txt
2016-04-14 00:44 - 2016-04-14 00:44 - 00011303 _____ C:\Users\AE Office\Downloads\transcript (5).txt
2016-04-14 00:37 - 2016-04-14 00:37 - 00002040 _____ C:\Users\AE Office\Downloads\transcript (4).txt
2016-04-14 00:36 - 2016-04-14 00:36 - 00001499 _____ C:\Users\AE Office\Downloads\transcript (3).txt
2016-04-14 00:36 - 2016-04-14 00:36 - 00001388 _____ C:\Users\AE Office\Downloads\transcript (2).txt
2016-04-14 00:33 - 2016-04-14 00:33 - 00000549 _____ C:\Users\AE Office\Downloads\transcript (1).txt
2016-04-14 00:01 - 2016-04-14 00:01 - 00007750 _____ C:\Users\AE Office\Downloads\transcript.txt
2016-04-13 21:16 - 2016-04-22 00:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-13 20:32 - 2016-04-13 20:32 - 00222812 _____ C:\WINDOWS\Minidump\041316-3953-01.dmp
2016-04-13 20:22 - 2016-04-13 20:22 - 00205052 _____ C:\WINDOWS\Minidump\041316-3890-01.dmp
2016-04-13 19:50 - 2016-04-13 19:50 - 00000000 ____D C:\Users\AE Office\AppData\LocalLow\Intel
2016-04-12 19:31 - 2016-04-01 21:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 19:31 - 2016-04-01 21:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 19:31 - 2016-04-01 21:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 19:31 - 2016-04-01 20:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 19:31 - 2016-04-01 20:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 19:31 - 2016-04-01 20:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 19:31 - 2016-04-01 20:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 19:31 - 2016-04-01 20:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 19:31 - 2016-04-01 20:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 19:31 - 2016-04-01 20:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 19:31 - 2016-04-01 20:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 19:31 - 2016-04-01 20:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 19:31 - 2016-04-01 20:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 19:31 - 2016-04-01 20:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 19:31 - 2016-03-29 03:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 19:31 - 2016-03-29 03:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 19:31 - 2016-03-29 03:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 19:31 - 2016-03-29 03:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 19:31 - 2016-03-29 03:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 19:31 - 2016-03-29 03:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 19:31 - 2016-03-29 03:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 19:31 - 2016-03-29 03:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 19:31 - 2016-03-29 03:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 19:31 - 2016-03-29 03:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 19:31 - 2016-03-29 03:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 19:31 - 2016-03-29 03:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 19:31 - 2016-03-29 02:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 19:31 - 2016-03-29 02:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 19:31 - 2016-03-29 02:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 19:31 - 2016-03-29 02:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 19:31 - 2016-03-29 02:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 19:31 - 2016-03-29 02:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 19:31 - 2016-03-29 02:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 19:31 - 2016-03-29 02:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 19:31 - 2016-03-29 02:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 19:31 - 2016-03-29 02:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 19:31 - 2016-03-29 02:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 19:31 - 2016-03-29 02:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 19:31 - 2016-03-29 02:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 19:31 - 2016-03-29 02:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 19:31 - 2016-03-29 01:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 19:31 - 2016-03-29 01:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 19:31 - 2016-03-29 01:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 19:31 - 2016-03-29 01:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 19:31 - 2016-03-29 01:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 19:31 - 2016-03-29 01:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 19:31 - 2016-03-29 01:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 19:31 - 2016-03-29 01:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 19:31 - 2016-03-29 01:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 19:31 - 2016-03-29 01:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 19:31 - 2016-03-29 01:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 19:31 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 19:31 - 2016-03-29 01:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 19:31 - 2016-03-29 01:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 19:31 - 2016-03-29 01:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 19:31 - 2016-03-29 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 19:31 - 2016-03-29 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 19:31 - 2016-03-29 00:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 19:31 - 2016-03-29 00:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 19:31 - 2016-03-29 00:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 19:31 - 2016-03-29 00:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 19:31 - 2016-03-29 00:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 19:31 - 2016-03-29 00:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 19:31 - 2016-03-29 00:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 19:31 - 2016-03-29 00:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 19:31 - 2016-03-29 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 19:31 - 2016-03-29 00:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 19:31 - 2016-03-29 00:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 19:31 - 2016-03-29 00:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 19:31 - 2016-03-29 00:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 19:31 - 2016-03-29 00:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 19:31 - 2016-03-29 00:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 19:31 - 2016-03-29 00:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 19:31 - 2016-03-29 00:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 19:31 - 2016-03-29 00:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 19:31 - 2016-03-29 00:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 19:31 - 2016-03-29 00:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 19:31 - 2016-03-29 00:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 19:31 - 2016-03-29 00:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 19:31 - 2016-03-29 00:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 19:31 - 2016-03-29 00:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 19:31 - 2016-03-29 00:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 19:31 - 2016-03-29 00:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 19:31 - 2016-03-29 00:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 19:31 - 2016-03-29 00:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 19:31 - 2016-03-29 00:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 19:31 - 2016-03-29 00:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 19:31 - 2016-03-29 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 19:31 - 2016-03-29 00:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 19:31 - 2016-03-29 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 19:31 - 2016-03-29 00:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 19:31 - 2016-03-29 00:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 19:31 - 2016-03-29 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 19:31 - 2016-03-29 00:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 19:31 - 2016-03-29 00:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 19:31 - 2016-03-29 00:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 19:31 - 2016-03-29 00:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 19:31 - 2016-03-29 00:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 19:31 - 2016-03-29 00:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 19:31 - 2016-03-29 00:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 19:31 - 2016-03-29 00:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 19:31 - 2016-03-29 00:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 19:31 - 2016-03-29 00:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 19:31 - 2016-03-29 00:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 19:31 - 2016-03-29 00:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 19:31 - 2016-03-29 00:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 19:31 - 2016-03-29 00:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 19:31 - 2016-03-29 00:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 19:31 - 2016-03-29 00:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 19:31 - 2016-03-29 00:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 19:31 - 2016-03-29 00:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 19:31 - 2016-03-28 23:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 19:31 - 2016-03-28 23:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 19:31 - 2016-03-28 23:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 19:31 - 2016-03-28 23:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 19:31 - 2016-03-28 23:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 19:31 - 2016-03-28 23:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 19:31 - 2016-03-28 23:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 19:31 - 2016-03-28 23:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 19:31 - 2016-03-28 23:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 19:31 - 2016-03-28 23:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 19:31 - 2016-03-28 23:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 19:31 - 2016-03-28 23:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 19:31 - 2016-03-28 23:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 19:31 - 2016-03-28 23:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 19:31 - 2016-03-28 23:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 19:31 - 2016-03-28 23:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 19:31 - 2016-03-28 23:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 19:31 - 2016-03-28 23:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 19:31 - 2016-03-28 23:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 19:31 - 2016-03-28 23:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 19:31 - 2016-03-28 23:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 19:31 - 2016-03-28 23:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 19:31 - 2016-03-28 23:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 19:31 - 2016-03-28 23:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 19:31 - 2016-03-28 23:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 19:31 - 2016-03-28 23:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 19:31 - 2016-03-28 23:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 19:31 - 2016-03-28 23:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 19:31 - 2016-03-28 23:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 19:31 - 2016-03-28 23:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 19:31 - 2016-03-28 23:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 19:31 - 2016-03-28 23:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 19:31 - 2016-03-28 23:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 19:31 - 2016-03-28 23:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 19:31 - 2016-03-28 23:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 19:31 - 2016-03-28 23:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 19:31 - 2016-03-28 23:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 19:31 - 2016-03-28 23:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 19:31 - 2016-03-28 23:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 19:31 - 2016-03-28 23:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 19:31 - 2016-03-28 23:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 19:31 - 2016-03-28 23:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 19:31 - 2016-03-28 23:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 19:31 - 2016-03-28 23:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 19:31 - 2016-03-28 23:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 19:31 - 2016-03-28 23:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 19:31 - 2016-03-28 23:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 19:31 - 2016-03-28 23:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 19:31 - 2016-03-28 23:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 19:31 - 2016-03-28 23:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 19:31 - 2016-03-28 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 19:31 - 2016-03-28 23:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 19:31 - 2016-03-28 23:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 19:31 - 2016-03-28 23:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 19:31 - 2016-03-28 23:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 19:31 - 2016-03-28 23:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 19:31 - 2016-03-28 23:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 19:31 - 2016-03-28 23:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 19:31 - 2016-03-28 22:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 19:31 - 2016-03-28 22:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 19:31 - 2016-03-28 22:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 19:31 - 2016-03-28 22:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 19:31 - 2016-03-28 22:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 19:31 - 2016-03-28 22:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 19:31 - 2016-03-28 22:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 19:31 - 2016-03-28 22:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 19:31 - 2016-03-28 22:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 19:31 - 2016-03-28 22:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 19:31 - 2016-03-28 22:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 19:31 - 2016-03-28 22:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 19:31 - 2016-03-28 22:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 19:31 - 2016-03-28 22:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 19:31 - 2016-03-28 22:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 19:31 - 2016-03-28 22:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 19:31 - 2016-03-28 22:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 19:31 - 2016-03-28 22:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 19:31 - 2016-03-28 22:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 19:31 - 2016-03-28 22:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 19:31 - 2016-03-28 22:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 19:30 - 2016-04-01 21:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 19:30 - 2016-04-01 20:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 19:30 - 2016-04-01 20:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 19:30 - 2016-04-01 20:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 19:30 - 2016-04-01 20:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 19:30 - 2016-04-01 20:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 19:30 - 2016-04-01 20:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 19:30 - 2016-04-01 20:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 19:30 - 2016-04-01 20:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 19:30 - 2016-03-29 03:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 19:30 - 2016-03-29 02:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 19:30 - 2016-03-29 02:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 19:30 - 2016-03-29 02:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 19:30 - 2016-03-29 02:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 19:30 - 2016-03-29 01:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 19:30 - 2016-03-29 01:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 19:30 - 2016-03-29 01:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 19:30 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 19:30 - 2016-03-29 01:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 19:30 - 2016-03-29 01:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 19:30 - 2016-03-29 01:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 19:30 - 2016-03-29 01:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 19:30 - 2016-03-29 01:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 19:30 - 2016-03-29 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 19:30 - 2016-03-29 01:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 19:30 - 2016-03-29 00:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 19:30 - 2016-03-29 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 19:30 - 2016-03-29 00:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 19:30 - 2016-03-29 00:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 19:30 - 2016-03-29 00:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 19:30 - 2016-03-29 00:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 19:30 - 2016-03-29 00:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 19:30 - 2016-03-29 00:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 19:30 - 2016-03-29 00:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 19:30 - 2016-03-29 00:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 19:30 - 2016-03-29 00:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 19:30 - 2016-03-29 00:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 19:30 - 2016-03-29 00:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 19:30 - 2016-03-29 00:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 19:30 - 2016-03-29 00:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 19:30 - 2016-03-29 00:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 19:30 - 2016-03-29 00:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 19:30 - 2016-03-29 00:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 19:30 - 2016-03-29 00:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 19:30 - 2016-03-29 00:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 19:30 - 2016-03-29 00:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 19:30 - 2016-03-29 00:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 19:30 - 2016-03-29 00:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 19:30 - 2016-03-29 00:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 19:30 - 2016-03-29 00:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 19:30 - 2016-03-29 00:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 19:30 - 2016-03-29 00:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 19:30 - 2016-03-29 00:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 19:30 - 2016-03-29 00:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 19:30 - 2016-03-29 00:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 19:30 - 2016-03-29 00:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 19:30 - 2016-03-29 00:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 19:30 - 2016-03-29 00:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 19:30 - 2016-03-29 00:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 19:30 - 2016-03-29 00:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 19:30 - 2016-03-29 00:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 19:30 - 2016-03-29 00:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 19:30 - 2016-03-29 00:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 19:30 - 2016-03-29 00:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 19:30 - 2016-03-29 00:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 19:30 - 2016-03-29 00:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 19:30 - 2016-03-29 00:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 19:30 - 2016-03-29 00:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 19:30 - 2016-03-29 00:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 19:30 - 2016-03-29 00:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 19:30 - 2016-03-29 00:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 19:30 - 2016-03-28 23:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 19:30 - 2016-03-28 23:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 19:30 - 2016-03-28 23:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 19:30 - 2016-03-28 23:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 19:30 - 2016-03-28 23:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 19:30 - 2016-03-28 23:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 19:30 - 2016-03-28 23:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 19:30 - 2016-03-28 23:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 19:30 - 2016-03-28 23:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 19:30 - 2016-03-28 23:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 19:30 - 2016-03-28 23:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 19:30 - 2016-03-28 23:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 19:30 - 2016-03-28 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 19:30 - 2016-03-28 23:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 19:30 - 2016-03-28 23:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 19:30 - 2016-03-28 23:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 19:30 - 2016-03-28 23:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 19:30 - 2016-03-28 23:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 19:30 - 2016-03-28 22:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 19:30 - 2016-03-28 22:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 19:30 - 2016-03-28 22:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 19:30 - 2016-03-28 22:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 19:30 - 2016-03-28 22:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 19:30 - 2016-03-28 22:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 12:22 - 2016-04-12 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-11 17:58 - 2016-04-11 17:58 - 00003460 _____ C:\WINDOWS\System32\Tasks\{914A509A-83D4-44EC-A51A-CE000A227FF8}
2016-04-11 17:54 - 2016-04-11 17:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-11 17:45 - 2016-04-13 20:03 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-04-11 17:26 - 2016-04-29 00:37 - 1262888901 _____ C:\WINDOWS\MEMORY.DMP
2016-04-11 17:26 - 2016-04-29 00:37 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-11 17:26 - 2016-04-11 17:26 - 00214476 _____ C:\WINDOWS\Minidump\041116-3781-01.dmp
2016-04-10 17:23 - 2016-04-30 00:24 - 00000000 ____D C:\Users\AE Office\Desktop\Junk Removal
2016-04-10 17:15 - 2016-04-29 23:32 - 00000000 ____D C:\AdwCleaner
2016-04-10 14:04 - 2016-04-10 14:04 - 02175247 _____ C:\Users\AE Office\Downloads\308_NEST_Thermostat_Partner_Print-Ad_Cooling_US_V2_Logo_FINAL.pdf
2016-04-10 13:04 - 2016-05-02 01:11 - 00000000 ____D C:\FRST
2016-04-10 02:04 - 2016-04-28 23:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-10 01:13 - 2016-05-01 23:10 - 00985024 _____ C:\WINDOWS\ntbtlog.txt
2016-04-10 01:13 - 2016-05-01 23:10 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-10 00:33 - 2016-04-28 23:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 00:28 - 2016-04-14 02:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-05 22:04 - 2016-04-05 22:04 - 09757889 _____ C:\Users\AE Office\Downloads\Mirage_1.2.zip
2016-04-05 17:42 - 2016-04-05 18:10 - 00000000 ____D C:\Program Files (x86)\Visual Integrity
2016-04-05 01:09 - 2016-04-05 01:09 - 00159594 _____ C:\Users\AE Office\Downloads\Autonomic_022015_PriceList.pdf
2016-04-05 00:08 - 2016-04-05 00:08 - 05202505 _____ C:\Users\AE Office\Downloads\MX-0606~0808-HDBT-H2_QSG_160330.pdf
2016-04-05 00:08 - 2016-04-05 00:08 - 01697503 _____ C:\Users\AE Office\Downloads\Web-UI_v7Matrices_ReferenceGuide_151216.pdf
2016-04-04 17:26 - 2016-04-29 23:04 - 00086491 ____T C:\Users\AE Office\Desktop\scan.pdf
2016-04-03 03:44 - 2016-04-13 21:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-04-03 03:44 - 2016-04-03 03:44 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 01:10 - 2016-03-27 13:21 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-02 01:10 - 2016-03-22 01:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-02 01:10 - 2016-03-22 00:30 - 00000000 __SHD C:\Users\AE Office\IntelGraphicsProfiles
2016-05-02 01:08 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-02 01:08 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-01 23:14 - 2016-03-21 23:42 - 00956484 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-01 23:14 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-01 22:54 - 2016-03-27 13:21 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-01 22:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-01 22:37 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-30 00:59 - 2016-03-22 01:42 - 00000000 ____D C:\Users\AE Office
2016-04-29 23:48 - 2015-10-30 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-29 23:10 - 2015-07-10 04:04 - 00000176 _____ C:\WINDOWS\win.ini
2016-04-28 17:19 - 2016-03-27 13:23 - 00000000 ___RD C:\Users\AE Office\Dropbox
2016-04-28 16:50 - 2016-03-27 13:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-28 16:49 - 2016-03-27 13:21 - 00004006 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-04-28 16:49 - 2016-03-27 13:21 - 00003774 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-04-28 15:45 - 2016-03-25 15:07 - 00000000 ____D C:\Users\AE Office\Documents\SI 2016 Projects
2016-04-25 02:06 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-24 11:36 - 2016-03-27 03:22 - 00000000 ___SD C:\Users\AE Office\Documents\My Shapes
2016-04-24 11:28 - 2016-03-22 00:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-21 23:36 - 2016-03-22 01:40 - 00000000 ____D C:\Program Files\Intel
2016-04-21 21:51 - 2016-03-22 20:12 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-21 21:51 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-21 21:51 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-20 21:26 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-14 12:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-13 21:21 - 2016-03-22 00:37 - 00000000 ____D C:\ProgramData\Norton
2016-04-13 21:14 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-13 21:14 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-13 20:03 - 2016-03-27 13:23 - 00001299 _____ C:\Users\AE Office\Desktop\Dropbox.lnk
2016-04-13 20:03 - 2016-03-22 20:59 - 00002065 _____ C:\Users\Public\Desktop\SI 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:58 - 00002199 _____ C:\Users\Public\Desktop\SI Server Manager.lnk
2016-04-13 20:03 - 2016-03-22 20:18 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-13 20:03 - 2016-03-22 20:13 - 00002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-13 20:03 - 2016-03-22 01:42 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-13 20:03 - 2016-03-22 00:30 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2016-04-13 20:03 - 2016-03-22 00:30 - 00000706 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-04-13 20:03 - 2016-03-22 00:17 - 00002373 _____ C:\Users\AE Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-13 20:01 - 2016-02-13 06:11 - 00333072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 20:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\schemas
2016-04-13 20:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 20:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 20:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 20:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 19:51 - 2016-03-22 00:30 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-13 19:50 - 2016-03-22 00:35 - 00000000 ____D C:\ProgramData\Intel
2016-04-13 19:47 - 2016-03-22 00:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-12 20:25 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 20:24 - 2016-03-22 00:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 20:23 - 2016-03-22 00:54 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 17:55 - 2016-03-22 00:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-10 19:23 - 2016-04-01 00:40 - 00006335 _____ C:\Users\AE Office\AppData\Roaming\Comma Separated Values.EML
2016-04-10 18:57 - 2016-03-22 00:25 - 00000000 ____D C:\MSI
2016-04-06 11:32 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 11:32 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-05 22:29 - 2016-03-28 11:45 - 00000000 ____D C:\Users\AE Office\Documents\Integration Designer
2016-04-04 00:19 - 2016-03-25 16:02 - 00000000 ____D C:\DToolsSIXData

==================== Files in the root of some directories =======

2016-03-26 12:16 - 2016-04-11 21:27 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-01 00:56 - 2016-04-01 00:56 - 0022159 _____ () C:\Users\AE Office\AppData\Roaming\Comma Separated Values.ADR
2016-04-01 00:40 - 2016-04-10 19:23 - 0006335 _____ () C:\Users\AE Office\AppData\Roaming\Comma Separated Values.EML
2016-04-29 00:09 - 2016-04-30 00:02 - 0007606 _____ () C:\Users\AE Office\AppData\Local\Resmon.ResmonCfg
2016-03-22 01:41 - 2016-03-22 01:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-05-01 22:22

==================== End of FRST.txt ============================

#5
Leefpile

Posted 02 May 2016 - 02:16 AM

New Member

Topic Starter
Member
8 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
Ran by AE Office (2016-05-02 01:12:38)
Running from C:\Users\AE Office\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-22 08:44:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-712566120-1319213845-3578928782-500 - Administrator - Disabled)
AE Office (S-1-5-21-712566120-1319213845-3578928782-1001 - Administrator - Enabled) => C:\Users\AE Office
DefaultAccount (S-1-5-21-712566120-1319213845-3578928782-503 - Limited - Disabled)
Guest (S-1-5-21-712566120-1319213845-3578928782-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Dropbox (HKLM-x32\...\Dropbox) (Version: 3.19.34 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
D-Tools SI 2016 (HKLM-x32\...\{378A2CA1-E113-4715-A0E9-D927F63F6AEF}) (Version: 6.6.1723.0 - D-Tools, Inc.)
D-Tools SI 2016 Server (HKLM-x32\...\{EE66531C-0EB6-40F6-82EB-1C3405A1A97E}) (Version: 6.6.1723.0 - D-Tools, Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
GDR 3128 for SQL Server 2012 (KB2793634) (HKLM-x32\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
Integration Designer (HKLM-x32\...\{AB21B9A7-6AF7-4E3F-BF1B-792A40B313CB}) (Version: 9.71.0000 - Remote Technologies Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{FEC535DD-0EB2-4709-87BD-1708C6364EB6}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.2.0 - Reason Software Company Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (HKLM-x32\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
SQL Server 2012 Common Files (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Windows Driver Package - Remote Technologies Inc. (WinUSB) Control Device (05/26/2012 2.0.0.202) (HKLM\...\9C77513A57291F0E6C36607E517383AF8317B9FF) (Version: 05/26/2012 2.0.0.202 - Remote Technologies Inc.)
Windows Driver Package - RTI ZB-Pro Driver Package (04/10/2012 2.08.24) (HKLM\...\BECDF025CBE7908A2B6A488537CE7A31D1D5E13B) (Version: 04/10/2012 2.08.24 - RTI)
Windows Driver Package - RTI ZB-Pro Driver Package (04/10/2012 2.08.24) (HKLM\...\E33851197B121AEAEDB1FDD072C90C458CF2E26C) (Version: 04/10/2012 2.08.24 - RTI)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-712566120-1319213845-3578928782-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\AE Office\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E2B3F8-5BB9-4B2C-8331-D20CC0C6042D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {0C85D1E6-6347-47BE-BDA9-0BD08D7D2B14} - System32\Tasks\{914A509A-83D4-44EC-A51A-CE000A227FF8} => pcalua.exe -a C:\PROGRA~1\DIFX\2DDF8C298514F650\dpinst64.exe -c /u C:\WINDOWS\System32\DriverStore\FileRepository\zbpro_b.inf_amd64_d99eab6b9e64ea4f\zbpro_b.inf
Task: {253F1536-CF20-49B9-A3A9-9F26763825C5} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2016-04-13] (Reason Software Company Inc.)
Task: {26D219FC-4453-42E5-9861-8D042232CB81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-21] (Microsoft Corporation)
Task: {2AAD1231-DA52-4F5F-96BC-3D6447683FFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-03] (Microsoft Corporation)
Task: {2E43E9EB-C7D8-4653-93AC-2948DB768151} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
Task: {3E262795-99C1-4520-87B5-58654B5C4095} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {549D9E73-61AA-4C77-A4DC-B5054C009CA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-27] (Dropbox, Inc.)
Task: {6C7CC1AA-E7D2-45BA-BDFE-8805F48FDEE9} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
Task: {6F33F85B-3740-4247-92EA-C8DB2BBEEBAB} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
Task: {8261BA93-3AC2-4003-B989-498BE1B6246E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {8EE6C9D1-3A2D-4BF4-AAC6-64CEAF7E129E} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2016-04-13] (Reason Software Company Inc.)
Task: {8F47AF58-3A7C-4EB5-AB15-E0F20FBE719E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-21] (Microsoft Corporation)
Task: {9E6D891E-1765-4B2B-86AB-94134C3460E3} - System32\Tasks\Process Explorer-DESKTOP-5CPLEM7-AE Office => C:\USERS\AE OFFICE\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE [2016-04-29] (Sysinternals - www.sysinternals.com)
Task: {A8B71890-D3A8-4BA6-A283-9CBC9FB6E546} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-27] (Dropbox, Inc.)
Task: {C7752DC6-148D-4AB0-93E1-D84AEB7AA014} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:17 - 2015-10-30 00:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-22 20:11 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-12 19:31 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 19:31 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-22 20:13 - 2016-04-03 04:34 - 08919232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 19:30 - 2016-04-01 20:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 19:31 - 2016-04-01 20:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 19:31 - 2016-04-01 19:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 19:31 - 2016-04-01 19:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 19:31 - 2016-04-01 20:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2016-04-29 00:37 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-712566120-1319213845-3578928782-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "NahimicMSIUILauncher"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-712566120-1319213845-3578928782-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-712566120-1319213845-3578928782-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [MDNS-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-Teredo-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-DHCPV6-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-DHCP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Microsoft-Windows-WLANSvc-ASP-CP-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [WFDPRINT-SCAN-In-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WFDPRINT-SPOOL-In-Active] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [WirelessDisplay-In-TCP] => (Block) %systemroot%\system32\WUDFHost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-FDPHOST-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [AllJoyn-Router-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [AllJoyn-Router-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Block) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [DeliveryOptimization-UDP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [DeliveryOptimization-TCP-In] => (Block) %SystemRoot%\system32\svchost.exe

==================== Restore Points =========================

11-04-2016 17:52:19 Nahimic for MSI
13-04-2016 21:03:49 JRT Pre-Junkware Removal
14-04-2016 02:35:39 JRT Pre-Junkware Removal
14-04-2016 02:36:30 JRT Pre-Junkware Removal
15-04-2016 02:17:57 JRT Pre-Junkware Removal
21-04-2016 22:02:03 JRT Pre-Junkware Removal
29-04-2016 22:10:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Intel® Management Engine Interface
Description: Intel® Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2016 01:04:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.10586.20, time stamp: 0x56542a5e
Faulting module name: IEFRAME.dll, version: 11.0.10586.212, time stamp: 0x56fa1519
Exception code: 0xc0000005
Fault offset: 0x000000000054f35e
Faulting process id: 0xa84
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (05/02/2016 12:52:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5CPLEM7)
Description: Activation of app Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe:App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/02/2016 12:10:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5CPLEM7)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy:App.AppXe35aa078nkgkdbkbrk5tjm2xds5rwz5q.wwa failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/02/2016 12:10:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5CPLEM7)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy:App.AppXe35aa078nkgkdbkbrk5tjm2xds5rwz5q.wwa failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/02/2016 12:10:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5CPLEM7)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy:App.AppXe35aa078nkgkdbkbrk5tjm2xds5rwz5q.wwa failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (05/02/2016 01:08:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The cphs service terminated with the following error:
%%2147942659

Error: (05/02/2016 01:07:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/02/2016 01:07:53 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/02/2016 01:07:52 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/02/2016 01:07:45 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/02/2016 01:07:35 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/02/2016 01:07:29 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/02/2016 01:07:28 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/02/2016 01:04:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5CPLEM7)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

==================== Memory info ===========================

Processor: Intel® Core™ i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 10%
Total physical RAM: 16273.08 MB
Available physical RAM: 14639.81 MB
Total Virtual: 18705.08 MB
Available Virtual: 17143.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:169.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 38298846)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Could not read MBR for disk 1.

==================== End of Addition.txt ============================

#6
Essexboy

Posted 02 May 2016 - 03:23 AM

GeekU Moderator

Retired Staff
69,964 posts

What are your actual symptoms ? Have you stopped Google synchronisation

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
2016-04-11 17:58 - 2016-04-11 17:58 - 00003460 _____ C:\WINDOWS\System32\Tasks\{914A509A-83D4-44EC-A51A-CE000A227FF8}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

#7
Leefpile

Posted 02 May 2016 - 04:36 AM

New Member

Topic Starter
Member
8 posts

It looks like the email responses don't come through on here?

#8
Leefpile

Posted 02 May 2016 - 04:37 AM

New Member

Topic Starter
Member
8 posts

Symptoms:
webpage redirects, seems a lot of w3.org keeps coming up in the scripts of I.E., edge, etc.

resi//ieframe.dll/dnserror.htm#:http://go.microsoft/..."numericString"where numeric string is populated in a lot of different ways in a lot of different pages.

!!!!

I just found a Trojan.Win32.Bredolab.Gen1 (v) as I typed this up to you. Found through Sysinternals Process Explorer that I had running

Can I attach a photo to this?

Fix result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
Ran by AE Office (2016-05-02 03:40:01) Run:1
Running from C:\Users\AE Office\Desktop
Loaded Profiles: AE Office (Available Profiles: AE Office)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
2016-04-11 17:58 - 2016-04-11 17:58 - 00003460 _____ C:\WINDOWS\System32\Tasks\{914A509A-83D4-44EC-A51A-CE000A227FF8}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
C:\WINDOWS\System32\Tasks\{914A509A-83D4-44EC-A51A-CE000A227FF8} => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.

========= End of Reg: =========

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-712566120-1319213845-3578928782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-712566120-1319213845-3578928782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 119.6 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 03:40:18 ====

Edited by Leefpile, 02 May 2016 - 04:48 AM.

#9
Essexboy

Posted 02 May 2016 - 05:05 AM

GeekU Moderator

Retired Staff
69,964 posts

Yes you can attach a jpg or similar

I can see no sign of that Trojan as your run key is restricted to your audio card

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Handler: mk - i3|'eajo8tds)n#mkq/ti/!+zuV_+zskq - No File

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

#10
Leefpile

Posted 02 May 2016 - 05:38 AM

New Member

Topic Starter
Member
8 posts

K. I've got to get some sleep. Back soon.

#11
Essexboy

Posted 06 May 2016 - 08:12 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.