Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Seeing Traffic from 195.22.26.248: Possible Botnet?


  • Please log in to reply
6 replies to this topic

#1 Lerxst23

Lerxst23

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:02:58 AM

Posted 25 October 2016 - 05:16 PM

I noticed that it would take my email anywhere from 30 minutes to several hours to sync with the email server. Using wireshark, I discovered every time I'd see Outlook attempting a sync, it would try hitting 195.22.26.248. I set a firewall rule to block incoming/outgoing traffic from that address and my mail would sync immediately. Several days later, mail began hanging again and wireshark revealed traffic from 195.22.28.210. I expanded the firewall rule to block traffic from 195.22.24.0/21. Also, using nslookup shows 195.22.28.210 as a non-authoritative nameserver. My FRST report:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Jefft (administrator) on 368-JEFFT-LT2 (25-10-2016 14:50:36)
Running from C:\Users\jefft\Downloads
Loaded Profiles: Jefft (Available Profiles: Jefft & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc.) C:\Windows\System32\CmgShieldSvc.exe
(Dell Inc.) C:\Windows\System32\EmsService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\KACE\AMPAgent.exe
(Dell Inc.) C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\dell\Sytem64Folder\DellRctlService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
() C:\Program Files (x86)\Dell\KACE\konea.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe
(IBM Corp) C:\Lotus\Notes\SUService.exe
(IBM) C:\Lotus\Notes\nsd.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(IBM Corp) C:\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
() C:\Program Files (x86)\proXPN\bin\proXpnService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Trane\TracerTU.Service\EvoUSB.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\Temp\DPTF\CEFCa75.esif_assist_64.exe.TBD
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
() C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe
(Dell Inc.) C:\Windows\System32\EmsServiceHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Users\jefft\AppData\Local\Neubot\0.004016009\neubotw.exe
(Dell) C:\Users\jefft\AppData\Local\Apps\2.0\LZ4YEJNM.780\HK2ZP781.E4M\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe
() C:\Program Files (x86)\Egnyte Drive\EgnyteDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
() C:\Program Files (x86)\Tt eSPORTS\POSEIDON Z RGB\POSEIDON Z RGB HID.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IBM Corp) C:\OTLKCON\nwrdaemn.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(LastPass) C:\Users\jefft\AppData\LocalLow\LastPass\LastPassBroker.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(The Wireshark developer community, hxxp://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe
() C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
() C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\VssRequestor64\vss_requestor.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [50744 2015-09-28] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [260152 2015-09-28] (Bluebeam Software, Inc.)
HKLM\...\Run: [Intel® WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585240 2016-09-13] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7710024 2016-09-22] (SoftPerfect)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3932632 2016-05-20] (Stardock Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-26] (Waves Audio Ltd.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2016-02-08] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7823336 2015-12-07] (Motorola Solutions, Inc.)
HKLM\...\Run: [LocalSecurityAgent] => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe [35656 2016-03-11] (Dell Inc.)
HKLM\...\Run: [EmsService] => C:\Windows\system32\EmsServiceHelper.exe [3230536 2016-03-11] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-03-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2327440 2014-07-07] (Trend Micro Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [531664 2010-08-26] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4654664 2016-09-13] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425352 2016-06-03] (Acronis International GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [113344 2015-11-03] (VMware, Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Tt esports] => C:\Program Files (x86)\Tt eSPORTS\POSEIDON Z RGB\POSEIDON Z RGB HID.exe [1774592 2016-01-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1968492731-363172122-855795525-47339\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-1968492731-363172122-855795525-47339\...\Run: [Spark] => C:\Program Files (x86)\Spark\Spark.exe [506368 2016-10-01] (Ignite Realtime)
HKU\S-1-5-21-1968492731-363172122-855795525-47339\...\Run: [Neubot] => C:\Users\jefft\AppData\Local\Neubot\0.004016009\neubotw.exe [34816 2013-10-23] ()
HKU\S-1-5-21-1968492731-363172122-855795525-47339\...\Run: [DellSystemDetect] => C:\Users\jefft\AppData\Local\Apps\2.0\LZ4YEJNM.780\HK2ZP781.E4M\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe [313800 2016-10-04] (Dell)
HKU\S-1-5-21-1968492731-363172122-855795525-47339\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\UC3D.scr [173568 2004-09-08] ()
SSODL: EldosMountNotificator-cbfs5-0 - {841295A0-3714-4EF1-A07F-868535B92E45} - C:\Program Files (x86)\Egnyte Drive\CBFS\cbfsMntNtf5.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs6-0 - {A9C2E1DE-760A-4B5E-807E-7BEE902BEA79} - C:\Program Files (x86)\Egnyte Drive\CBFS\cbfsMntNtf6.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5-0 - {841295A0-3714-4EF1-A07F-868535B92E45} - C:\Program Files (x86)\Egnyte Drive\CBFS\WOW64\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs6-0 - {A9C2E1DE-760A-4B5E-807E-7BEE902BEA79} - C:\Program Files (x86)\Egnyte Drive\CBFS\WOW64\cbfsMntNtf6.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  _002EgnyteDriveUploadPending] -> {E4D87DEC-D444-4CF4-AFF3-024CC18254B7} => C:\Program Files (x86)\Egnyte Drive\libEgnyteDriveWinShOverlay.dll [2016-07-06] (Egnyte)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-11-17] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [CmgEncOverlay] -> {7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll [2016-03-11] (Dell Inc.)
ShellIconOverlayIdentifiers: [CmgGhostOverlay] -> {74CD2AE0-8208-424C-8A4B-6670FE358620} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll [2016-03-11] (Dell Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5-0] -> {0B5D8659-3506-4A7E-A6FC-B93C06457E63} => C:\Program Files (x86)\Egnyte Drive\CBFS\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6-0] -> {6F1DD184-365D-4F22-8BE6-E73716D7ECB8} => C:\Program Files (x86)\Egnyte Drive\CBFS\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5-0] -> {0B5D8659-3506-4A7E-A6FC-B93C06457E63} => C:\Program Files (x86)\Egnyte Drive\CBFS\WOW64\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6-0] -> {6F1DD184-365D-4F22-8BE6-E73716D7ECB8} => C:\Program Files (x86)\Egnyte Drive\CBFS\WOW64\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Egnyte Drive.lnk [2016-08-31]
ShortcutTarget: Egnyte Drive.lnk -> C:\Windows\Installer\{A1C7C3ED-CDBA-4062-8853-1FC55BDB8FF6}\EgnyteDrive4A9895.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-03]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\jefft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Drive Remover.lnk [2016-03-04]
ShortcutTarget: Network Drive Remover.lnk -> C:\net_drive_delete.bat ()
Startup: C:\Users\jefft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-17]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 8.8.8.8
Tcpip\..\Interfaces\{3C15EE3A-9D02-4FBF-BDC8-D95A3E3B0289}: [DhcpNameServer] 10.0.22.1 10.0.22.2
Tcpip\..\Interfaces\{4F2F792F-6BFE-4221-9D25-1C60D5ECE9B5}: [DhcpNameServer] 10.104.1.29 10.75.0.48 10.75.0.33
Tcpip\..\Interfaces\{50AA81FA-13CC-4C72-9C00-3D9042C09255}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{50AA81FA-13CC-4C72-9C00-3D9042C09255}: [DhcpNameServer] 75.75.75.75 8.8.8.8
Tcpip\..\Interfaces\{758080F9-2721-45A2-B27C-FC5EFEAD96AA}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{758080F9-2721-45A2-B27C-FC5EFEAD96AA}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{76B8B7C6-5CE6-456C-A12F-9FF5F2134204}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F082018B-C5C8-4490-82A0-0525FFCFF4CF}: [DhcpNameServer] 10.104.1.29 10.75.0.48 10.75.0.33

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1968492731-363172122-855795525-47339\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1968492731-363172122-855795525-47339\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1968492731-363172122-855795525-47339\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1968492731-363172122-855795525-47339 -> DefaultScope {C767A611-E2A7-45A9-B70C-1C21642BA8CF} URL =
SearchScopes: HKU\S-1-5-21-1968492731-363172122-855795525-47339 -> {C767A611-E2A7-45A9-B70C-1C21642BA8CF} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2014-01-28] (Trend Micro Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-08] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2014-01-28] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-08] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-08] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-08] (LastPass)
DPF: HKLM-x32 {254AA86E-5655-4518-AA87-185D7CC41801} hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2014-01-28] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2014-01-28] (Trend Micro Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 3pzgfp2q.default
FF ProfilePath: C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default [2016-10-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\3pzgfp2q.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\3pzgfp2q.default -> hxxps://www.google.com/
FF Extension: (Heartbleed Notifier) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\heartbleed@dactyl.googlecode.com.xpi [2016-05-25]
FF Extension: (Heartbleed Monitor) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack.xpi [2016-05-25]
FF Extension: (Long URL Please) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\longurlplease@darragh.curran.xpi [2016-05-25]
FF Extension: (RSS Icon in url bar) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\rssicon.vaka@gmail.com.xpi [2016-03-17]
FF Extension: (LastPass) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\support@lastpass.com [2016-09-06]
FF Extension: (uBlock Origin) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\uBlock0@raymondhill.net.xpi [2016-10-25]
FF Extension: (URL Tooltip) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\url-tooltip@timothytate.net.xpi [2016-03-03]
FF Extension: (Themes Menu) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\{84625510-7e5d-11e0-a411-0800200c9a66}.xpi [2016-03-03]
FF Extension: (FireFTP) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2016-07-29]
FF Extension: (Adblock Plus) - C:\Users\jefft\AppData\Roaming\Mozilla\Firefox\Profiles\3pzgfp2q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension [2016-02-18] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-03] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-03] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1968492731-363172122-855795525-47339: @citrixonline.com/appdetectorplugin -> C:\Users\jefft\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-1968492731-363172122-855795525-47339: @zoom.us/ZoomVideoPlugin -> C:\Users\jefft\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-09-08] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1968492731-363172122-855795525-47339: vidyo.com/VidyoWeb_1.2.3.0093 -> C:\Users\jefft\AppData\Roaming\VidyoInc\VidyoWeb\1.2.3.0093\npVidyoWeb.dll [2016-02-25] (Vidyo, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2016-09-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\jefft\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-09-13] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default [2016-10-21]
CHR Extension: (Google Slides) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-03]
CHR Extension: (Google Docs) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-28]
CHR Extension: (Google Drive) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28]
CHR Extension: (YouTube) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28]
CHR Extension: (Adblock Plus) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-29]
CHR Extension: (uBlock Origin) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-29]
CHR Extension: (Google Search) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR Extension: (Google Sheets) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-29]
CHR Extension: (Colors) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbgjlhhonbdjfdoiklbbkejcipkbnac [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-05]
CHR Extension: (Gmail) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\jefft\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-29]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276216 2016-09-13] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2016-09-22] ()
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMPAgent; C:\Program Files (x86)\Dell\KACE\AMPAgent.exe [3883136 2015-06-17] (Dell Inc.) [File not signed]
R2 AMPWatchDog; C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe [3045504 2015-06-17] (Dell Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 CMGShield; C:\Windows\system32\CmgShieldSvc.exe [8631112 2016-03-11] (Dell Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-03] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
R2 DellRctlService; C:\Dell\Sytem64Folder\DellRctlService.exe [389120 2016-05-03] () [File not signed]
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-02-12] (DisplayLink Corp.)
R2 EMS; C:\Windows\system32\EMSService.exe [1977672 2016-03-11] (Dell Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [171640 2016-02-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-08-11] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel)
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 konea; C:\Program Files (x86)\Dell\KACE\konea.exe [7144960 2015-06-17] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe [419360 2016-06-30] (LogMeIn, Inc.)
R2 LNSUSvc; C:\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2016-08-15] (Acronis International GmbH)
R2 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2016-07-18] (Acronis International GmbH)
R2 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1510712 2016-09-13] ()
R2 Multi-user Cleanup Service; C:\Lotus\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [4638784 2014-07-07] (Trend Micro Inc.)
R2 proXPN VPN; C:\Program Files (x86)\proXPN\bin\proXPNService.exe [127456 2016-09-13] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2016-08-11] ()
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [575024 2014-03-19] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [701064 2014-04-08] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [4628200 2014-07-07] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [596744 2013-07-15] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [929328 2014-01-28] (Trend Micro Inc.)
R2 Tracer TU Service; C:\Program Files (x86)\Trane\TracerTU.Service\EvoUSB.exe [114176 2015-03-05] () [File not signed]
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [503512 2016-02-09] (VMware, Inc.)
S4 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [503512 2016-02-09] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [503512 2016-02-09] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12731584 2015-11-03] ()
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-05-26] (Waves Audio Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{5D6F022A-D0DE-47B6-B74F-31D02E52FDFE}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75992 2016-02-09] (VMware, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2015-10-16] (Motorola Solutions, Inc.)
R1 cbfs5-0; C:\Program Files (x86)\Egnyte Drive\CBFS\cbfs5.sys [421568 2015-08-24] (EldoS Corporation)
R1 cbfs6-0; C:\Program Files (x86)\Egnyte Drive\CBFS\cbfs6.sys [460992 2016-06-13] (EldoS Corporation)
R0 cmgfve; C:\Windows\System32\Drivers\cmgfve.sys [210688 2016-02-01] (Dell Inc.)
R0 CmgHiber; C:\Windows\System32\DRIVERS\CmgHiber.sys [149728 2016-03-11] (Dell Inc.)
R0 CmgPassThrough; C:\Windows\System32\DRIVERS\CmgShPT.sys [16608 2016-03-11] (Dell Inc.)
R0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [159456 2016-02-01] (Dell Inc.)
R0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [478944 2016-03-11] (Dell Inc.)
R1 CMGShieldReg; C:\Windows\System32\DRIVERS\CmgShREG.sys [87776 2016-03-11] (Dell Inc.)
R3 DellRctl; C:\Windows\System32\DRIVERS\DellRctl.sys [37792 2016-04-27] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1488.0.sys [58640 2016-06-09] ()
R3 dptf_acpi; C:\Windows\System32\DRIVERS\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-10-06] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
S3 EVOUSB; C:\Windows\System32\Drivers\evousb.sys [43864 2012-05-30] (Trane)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [375136 2016-09-22] (Acronis International GmbH)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31712 2015-11-24] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [306448 2016-02-20] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2540760 2015-06-30] (Realtek Semiconductor Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3370248 2016-02-27] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-09-20] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [758488 2015-08-04] (Realsil Semiconductor Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [103088 2015-07-27] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267544 2016-09-22] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [212320 2016-09-22] (Acronis International GmbH)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [106000 2014-03-19] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [297592 2013-12-09] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69480 2014-03-19] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [368392 2015-07-02] (Trend Micro Inc.)
R1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [197432 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44808 2015-07-02] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R2 tmWfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338232 2012-06-21] (Trend Micro Inc.)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [687968 2016-09-22] (Acronis International GmbH)
S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp64.sys [91008 2010-05-27] (Magic Control Technology Corp.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Windows ® Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331104 2016-09-22] (Acronis International GmbH)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-11-03] (VMware, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2384136 2015-07-02] (Trend Micro Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [35032 2016-02-09] (VMware, Inc.)
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 DBUtil_2_3; \??\C:\Windows\TEMP\DBUtil_2_3.Sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-25 14:50 - 2016-10-25 14:51 - 00052279 _____ C:\Users\jefft\Downloads\FRST.txt
2016-10-25 14:49 - 2016-10-25 14:50 - 00000000 ____D C:\FRST
2016-10-25 14:49 - 2016-10-25 14:49 - 02407424 _____ (Farbar) C:\Users\jefft\Downloads\FRST64.exe
2016-10-25 07:20 - 2016-10-25 07:20 - 00000000 ____D C:\Users\jefft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2016-10-21 08:17 - 2016-10-21 08:17 - 00000000 ____D C:\Snort
2016-10-21 08:08 - 2016-10-21 08:08 - 03183949 _____ C:\Users\jefft\Downloads\Snort_2_9_8_3_Installer.exe
2016-10-21 08:02 - 2016-10-25 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-14 14:55 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-14 14:55 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-14 14:55 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-14 14:55 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-14 14:55 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-14 14:55 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-14 14:55 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-14 14:55 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-14 14:55 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-14 14:55 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-14 14:55 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-14 14:55 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-14 14:55 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-14 14:55 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-14 14:55 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-14 14:55 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-14 14:55 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-14 14:55 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-14 14:55 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-14 14:55 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-14 14:55 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-14 14:55 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-14 14:55 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-14 14:55 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-14 14:55 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-14 14:55 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-14 14:55 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-14 14:55 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-14 14:55 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-14 14:55 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-14 14:55 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-14 14:55 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-14 14:55 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-14 14:54 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-14 14:54 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-14 14:54 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-14 14:54 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-14 14:54 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-14 14:54 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-14 14:54 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-14 14:54 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-14 14:54 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-14 14:54 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-14 14:54 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-14 14:54 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-14 14:54 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-14 14:54 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-14 14:54 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-14 14:54 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-14 14:54 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-14 14:54 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-14 14:54 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-14 14:54 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-14 14:54 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-14 14:54 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-14 14:54 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-14 14:54 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-14 14:54 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-14 14:54 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-14 14:54 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-14 14:54 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-14 14:54 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-14 14:54 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-14 14:54 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-14 14:54 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-14 14:54 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-14 14:54 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-14 14:54 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-14 14:54 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-14 14:54 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-14 14:54 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-14 14:54 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-14 14:54 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-14 14:54 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-14 14:54 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-14 14:54 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-14 14:54 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-14 14:54 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-14 14:54 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-14 14:54 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-14 14:54 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-14 14:54 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-14 14:54 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-14 14:54 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-14 14:54 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-14 14:54 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-14 14:54 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-14 14:54 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-14 14:54 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-14 14:54 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-14 14:54 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-14 14:54 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-14 14:54 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-14 14:54 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-14 14:54 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-14 14:54 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-14 14:54 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-14 14:54 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-14 14:54 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-14 14:54 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-14 14:54 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-14 14:54 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-14 14:54 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-14 14:54 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-14 14:54 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-14 14:54 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-14 14:54 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-14 14:54 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-14 14:54 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-14 14:54 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-14 14:54 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-14 14:54 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-14 14:54 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-14 14:54 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-14 14:54 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-14 14:54 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-14 14:54 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-14 14:54 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-14 14:54 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-14 14:54 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-14 14:54 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-14 14:54 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-14 14:54 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-14 14:54 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-14 14:54 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-14 14:54 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-14 14:54 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-14 14:54 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-14 14:54 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-14 14:54 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-14 14:54 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-14 14:54 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-14 14:54 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-14 14:54 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-14 14:54 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-14 14:54 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-14 14:54 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-14 14:54 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-14 14:54 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-14 14:54 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-14 14:54 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-14 14:54 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-14 14:54 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-14 14:54 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-14 14:54 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-14 14:54 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-14 14:54 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-14 14:54 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-14 14:54 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-14 14:54 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-14 14:54 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-14 14:54 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-14 14:54 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-14 14:50 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-14 14:50 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-14 14:50 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-14 14:50 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-14 14:50 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-14 14:50 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-14 14:50 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-14 14:50 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-14 09:15 - 2016-10-14 15:04 - 00015536 _____ C:\Users\jefft\Downloads\CDR_message_5308451869.csv
2016-10-13 14:45 - 2016-10-13 14:51 - 00164425 _____ C:\Users\jefft\Downloads\kpit_crah_wireless_rack_sensors.equipment
2016-10-13 12:43 - 2016-10-13 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-11 08:58 - 2016-10-11 08:58 - 00000000 ____D C:\Users\jefft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\proXPN
2016-10-10 11:30 - 2016-10-10 11:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 11:30 - 2016-10-10 11:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 11:30 - 2016-10-10 11:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 11:30 - 2016-10-10 11:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-10 08:15 - 2016-10-25 14:50 - 00000000 ____D C:\Users\jefft\AppData\Roaming\neubot
2016-10-10 08:15 - 2016-10-10 08:15 - 00001171 _____ C:\Users\jefft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Neubot.lnk
2016-10-10 08:15 - 2016-10-10 08:15 - 00000000 ____D C:\Users\jefft\AppData\Local\Neubot
2016-10-07 14:01 - 2016-10-07 14:01 - 00012174 __RSH C:\ProgramData\ntuser.pol
2016-10-07 08:46 - 2016-10-07 08:46 - 00001788 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-10-07 08:46 - 2016-10-07 08:46 - 00001597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-10-06 10:15 - 2016-10-07 07:14 - 00000000 ____D C:\Users\jefft\AppData\Roaming\SoftPerfect Network Scanner
2016-10-06 10:15 - 2016-10-06 10:15 - 00000940 _____ C:\Users\Public\Desktop\Network Scanner.lnk
2016-10-06 10:15 - 2016-10-06 10:15 - 00000940 _____ C:\ProgramData\Desktop\Network Scanner.lnk
2016-10-06 10:15 - 2016-10-06 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect Network Scanner
2016-10-06 10:15 - 2016-10-06 10:15 - 00000000 ____D C:\Program Files\SoftPerfect Network Scanner
2016-10-06 10:13 - 2016-10-06 10:13 - 03634096 _____ (SoftPerfect ) C:\Users\jefft\Downloads\netscan_setup.exe
2016-10-05 13:12 - 2016-10-05 13:12 - 00000000 ____D C:\Users\jefft\Desktop\Faith No More
2016-10-05 07:49 - 2016-10-25 09:13 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-05 07:49 - 2016-10-25 09:13 - 00000000 ____D C:\ProgramData\Documents\AdobeGC
2016-10-04 16:33 - 2016-10-25 13:39 - 00000000 ____D C:\Users\jefft\Desktop\4450 Rosewood
2016-10-04 15:50 - 2016-10-04 15:50 - 00000000 ____D C:\Users\jefft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-10-04 15:50 - 2016-10-04 15:50 - 00000000 ____D C:\Users\jefft\AppData\Local\Deployment
2016-10-03 14:00 - 2016-10-10 14:35 - 00000000 ____D C:\Users\jefft\Desktop\Sonoma County
2016-09-29 09:43 - 2016-09-29 09:43 - 00000000 ____D C:\Users\jefft\AppData\Local\LogMeIn Rescue
2016-09-29 09:42 - 2016-09-29 09:42 - 00002224 _____ C:\Users\Public\Desktop\LogMeIn Rescue.lnk
2016-09-29 09:42 - 2016-09-29 09:42 - 00002224 _____ C:\ProgramData\Desktop\LogMeIn Rescue.lnk
2016-09-29 09:42 - 2016-09-29 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue
2016-09-29 09:42 - 2016-09-29 09:42 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Technician Console
2016-09-26 12:18 - 2016-09-26 12:18 - 00001075 _____ C:\Users\jefft\Desktop\Smartwizard Discovery.lnk
2016-09-26 12:18 - 2016-09-26 12:18 - 00001075 _____ C:\Users\Administrator\Desktop\Smartwizard Discovery.lnk
2016-09-26 12:18 - 2016-09-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smartwizard Discovery
2016-09-26 12:18 - 2016-09-26 12:18 - 00000000 ____D C:\Program Files (x86)\Smartwizard Discovery

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-25 14:52 - 2016-03-03 11:47 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-25 14:49 - 2016-02-18 12:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-25 14:42 - 2016-03-21 07:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-25 14:17 - 2016-09-13 10:10 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1968492731-363172122-855795525-47339.job
2016-10-25 14:00 - 2016-04-05 09:33 - 00000000 ____D C:\Users\jefft\Documents\Outlook Files
2016-10-25 13:40 - 2016-03-03 08:41 - 00000000 ____D C:\Users\jefft\AppData\LocalLow\LastPass
2016-10-25 13:24 - 2016-09-13 10:10 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1968492731-363172122-855795525-47339.job
2016-10-25 12:49 - 2016-02-18 12:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-25 10:52 - 2016-03-03 11:47 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-25 08:38 - 2016-02-18 15:08 - 00000000 ____D C:\WebCTRL4.1SP1
2016-10-25 07:31 - 2009-07-13 21:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-25 07:31 - 2009-07-13 21:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-25 07:29 - 2016-02-28 17:50 - 00000000 ____D C:\Users\jefft\AppData\Local\Adobe
2016-10-25 07:25 - 2009-07-13 22:13 - 00823010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-25 07:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-10-25 07:22 - 2016-04-12 13:49 - 00000000 ____D C:\LNMAPI
2016-10-25 07:21 - 2016-03-03 11:49 - 00000000 ___RD C:\Users\jefft\Dropbox
2016-10-25 07:20 - 2016-08-09 12:10 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-25 07:20 - 2016-02-28 17:49 - 00000000 __SHD C:\Users\jefft\IntelGraphicsProfiles
2016-10-25 07:19 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-25 07:18 - 2016-03-03 08:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 16:06 - 2016-02-28 17:49 - 00000000 ____D C:\Users\jefft\AppData\Local\Google
2016-10-21 16:00 - 2016-02-19 14:57 - 00698368 _____ (Trend Micro Inc.) C:\Windows\TSCCensus64.exe
2016-10-21 13:51 - 2016-02-18 12:28 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-21 12:47 - 2016-07-27 10:54 - 00000000 ____D C:\Users\jefft\AppData\LocalLow\LogMeIn Rescue
2016-10-21 07:57 - 2016-03-07 11:19 - 00002314 ____H C:\Users\jefft\Documents\Default.rdp
2016-10-19 21:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-19 14:27 - 2016-08-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-19 14:27 - 2016-08-05 08:21 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-19 14:26 - 2016-08-05 08:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-19 13:31 - 2016-02-13 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-19 13:30 - 2016-05-20 07:22 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-19 09:08 - 2016-03-04 07:42 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-10-19 07:59 - 2016-03-03 16:08 - 00000000 ____D C:\Users\jefft\AppData\Local\CrashDumps
2016-10-19 06:57 - 2016-04-07 09:44 - 00001207 _____ C:\Users\jefft\sip-communicator.properties
2016-10-19 06:57 - 2016-02-28 17:49 - 00000000 ____D C:\Users\jefft
2016-10-18 13:50 - 2016-03-03 14:46 - 00009915 _____ C:\Users\jefft\proXPN.ovpn
2016-10-18 08:08 - 2016-03-08 12:22 - 00000049 _____ C:\Users\jefft\deletedRoute.txt
2016-10-17 09:16 - 2009-07-13 21:45 - 05100608 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-17 09:15 - 2016-02-22 13:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-17 09:15 - 2016-02-22 13:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-14 15:14 - 2016-02-21 15:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-14 15:14 - 2016-02-21 15:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-14 15:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-14 15:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-14 15:11 - 2011-02-10 07:33 - 00817624 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-14 15:08 - 2016-02-18 13:34 - 00000000 ____D C:\Windows\system32\MRT
2016-10-14 14:59 - 2016-02-18 13:34 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-14 14:58 - 2016-02-22 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-13 12:44 - 2016-03-03 11:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 08:58 - 2016-02-13 13:57 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-10-11 09:42 - 2015-03-29 11:41 - 00000000 ____D C:\VM Shared
2016-10-11 09:41 - 2016-02-28 18:33 - 00000000 ____D C:\Users\jefft\AppData\Roaming\VMware
2016-10-11 09:41 - 2016-02-28 18:33 - 00000000 ____D C:\Users\jefft\AppData\Local\VMware
2016-10-11 08:58 - 2016-03-03 14:46 - 00001063 _____ C:\Users\jefft\Desktop\proXPN.lnk
2016-10-11 08:58 - 2016-03-03 14:46 - 00000000 ____D C:\Program Files (x86)\proXPN
2016-10-11 08:42 - 2016-03-21 07:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 08:42 - 2016-03-08 08:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 08:42 - 2016-03-08 08:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-11 08:42 - 2016-02-13 13:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 08:42 - 2016-02-13 13:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 08:25 - 2016-05-10 13:39 - 00000000 ____D C:\WebCTRL6.5
2016-10-10 14:33 - 2016-06-13 08:24 - 00001100 _____ C:\Users\jefft\Desktop\Sac Team.lnk
2016-10-07 14:07 - 2016-02-18 13:23 - 00015924 _____ C:\Windows\cfgall.ini
2016-10-07 14:00 - 2016-02-28 19:21 - 00001120 _____ C:\Windows\system32\config\netlogon.ftl
2016-10-07 08:46 - 2016-03-03 12:52 - 00000000 ____D C:\Program Files\Wireshark
2016-10-05 14:57 - 2016-09-21 08:22 - 00000917 _____ C:\Users\jefft\Desktop\Work.lnk
2016-10-05 09:12 - 2016-09-13 10:10 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1968492731-363172122-855795525-47339
2016-10-05 09:12 - 2016-09-13 10:10 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1968492731-363172122-855795525-47339
2016-10-04 16:42 - 2016-03-03 14:52 - 00000000 ____D C:\Users\jefft\AppData\Local\Stardock
2016-10-04 16:42 - 2016-03-03 14:52 - 00000000 ____D C:\ProgramData\Stardock
2016-10-04 16:42 - 2016-03-03 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2016-10-04 16:42 - 2016-02-13 14:06 - 00000000 ____D C:\Temp
2016-10-04 15:50 - 2016-03-14 09:56 - 00000000 ____D C:\Users\jefft\AppData\Local\Apps\2.0
2016-10-04 13:41 - 2016-03-03 14:32 - 00000000 ____D C:\Program Files (x86)\Spark
2016-10-04 13:40 - 2016-03-03 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spark
2016-09-30 14:32 - 2016-03-04 14:41 - 00000000 ____D C:\WebCTRL6.1
2016-09-30 12:30 - 2016-03-03 11:47 - 00000000 ____D C:\Users\jefft\AppData\Local\Dropbox
2016-09-27 08:42 - 2016-03-03 13:39 - 00000000 ____D C:\Program Files\NetWorx
2016-09-26 12:55 - 2016-03-03 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx

==================== Files in the root of some directories =======

2016-03-03 08:42 - 2016-03-03 08:42 - 21405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-03-03 11:35 - 2016-08-04 10:30 - 0000288 _____ () C:\Users\jefft\AppData\Local\DCB-4DAN-VETT-05356F67CD.dat
2016-04-11 16:48 - 2016-04-11 16:48 - 0007629 _____ () C:\Users\jefft\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:32 - 2016-08-03 12:32 - 0000090 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\jefft\AppData\Local\temp\AcronisProductUpdateUtility.exe
C:\Users\jefft\AppData\Local\temp\jre-8u111-windows-au.exe
C:\Users\jefft\AppData\Local\temp\proXPN-4.3.6.5-install.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-19 21:18

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:58 AM

Posted 29 October 2016 - 09:08 AM

hi,

 

Dont see anything in the logs that looks out of place.

Usually only here once or twice per day so you may not get a reply back from me until the following day.


How Can I Reduce My Risk to Malware?


#3 Lerxst23

Lerxst23
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:02:58 AM

Posted 30 October 2016 - 12:46 PM

Shelf Life--

 

I completely understand and realize this will take time. Thank you for taking the time to look over my logs. I've scanned my computer with rootkit scanners, MalwareBytes, etc., and they all come up empty--but I can assure you something is not right. For now, I seem to be able to keep it at bay with firewall rules and I use OpenDNS as my primary/alternate DNS.



#4 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:58 AM

Posted 30 October 2016 - 03:27 PM

Are you suggesting your machine is part of a botnet? For this to be true you would have malware present on your machine right now. Everything you ran is clean.


How Can I Reduce My Risk to Malware?


#5 Lerxst23

Lerxst23
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:02:58 AM

Posted 30 October 2016 - 04:29 PM

I'm not suggesting anything other than what I know to be true at this point: something on my machine is sending and receiving traffic to the address space I mentioned. It most certainly is affecting Outlook's ability to sync.



#6 Lerxst23

Lerxst23
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:02:58 AM

Posted 28 November 2016 - 04:53 PM

I think I have finally uncovered how traffic from 195.22.28.210 is being generated. My machine is setup to append DNS suffixes to queries and the very first suffix resolves to 195.22.28.210 (host file was modified as well) . Once I cleared the suffix list and set the host file back to default, I have not seen any more traffic from the 195.22.25.128 - 195.22.31.255 range. Please close this topic and thank you for the assistance!



#7 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:58 AM

Posted 28 November 2016 - 07:07 PM

Ok good. Glad you got it straightened out.


How Can I Reduce My Risk to Malware?





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users