
Infected with Win32.Virus.Lamer.g and Trojan.Shelma.aca


Hello,

I've been viewing Microsoft Process Explorer for a couple of weeks now on a daily basis. Two days ago I noticed some detections from VirusTotal on Process Explorer that had been flagged. I wasn't worried about these since they would be a false positive, with no more than one detection for each antivirus, until days later more system files started to appear flagged with the same virus (Win32.Virus.Lamer.g) and (HEUR.Win32.Virus.Lamer.g).

The following processes are infected:
* Mbae.exe (Malwarebytes Anti-Exploit)
* procexp.exe (Process Explorer)
* nsbu.exe (Norton AV)
* mbamservice.exe
* dnsapi.dll
* Kernel32.dll
* Msvcrt.exe
* and about 30 Symantec Norton files are infected

They all have the same detected threat (Win32.Virus.Lamer.g) from the same company, called Baidu.

I checked my other laptop in the house and realised this might be an over-the-network infection; it has the same detected files as infected.

Should I be worried about these VirusTotal results?

I used Malwarebytes to scan my Surface Pro and nothing was detected.
I used Norton with a full scan: nothing was detected.
I used Microsoft Safety Scanner: no malware detected.


Before we begin I want to ask some questions:

* Should I back up my work before we begin, or is it too risky to insert USB drives at this point?
* Should I use Safe Mode with no internet to scan with your suggested tools? My Surface Pro seems to be missing a network driver to connect wirelessly in Safe Mode.
* Should I continue with my assignments using the required programs I need while this is in progress, depending on how long it takes to get this malware cleaned and removed?
* I'm using the forums on my phone right now; I will also log in to my Surface to attach the logs.

Thanks


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes; we make no accusations but do make you aware of Forum Protocol....

Quote:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Boot your sick PC to normal mode with an internet connection and run the following:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from, with different names on; select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach those logs to your reply.


Let me see those logs in your next reply...

Thank you,

Kevin..

Here are the txt files :)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/04/2016
Scan Time: 12:19 PM
Logfile:
Administrator: No
 
Version: 2.2.1.1043
Malware Database: v2016.04.05.01
Rootkit Database: v2016.04.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: lucas
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244663
Time Elapsed: 2 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 

(end)
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by lucas (2016-04-05 12:27:23)
Running from C:\Users\lucas\Downloads
Windows 10 Pro Version 1511 (X64) (2016-01-04 13:38:56)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-3501963414-2174363898-4230124818-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3501963414-2174363898-4230124818-503 - Limited - Disabled)
Guest (S-1-5-21-3501963414-2174363898-4230124818-501 - Limited - Disabled)
lucas (S-1-5-21-3501963414-2174363898-4230124818-1001 - Limited - Enabled) => C:\Users\lucas
Lucas Standard (S-1-5-21-3501963414-2174363898-4230124818-1002 - Administrator - Enabled) => C:\Users\Lucas Standard
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security with Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security with Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security with Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Autodesk SketchBook (HKLM\...\{B50180B6-7676-4A54-9527-9C4FE2E5011A}) (Version: 8.00.0000 - Autodesk)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4364 - Intel Corporation)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Norton Security with Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7424 - Realtek Semiconductor Corp.)
VMware Workstation (HKLM\...\{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job =>
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-02 20:35 - 2016-02-23 21:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-02 20:35 - 2016-02-23 21:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-05 13:13 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 20:35 - 2016-02-23 18:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 09:56 - 2016-01-05 11:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 09:56 - 2016-01-05 11:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 18:58 - 2016-01-16 15:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 18:58 - 2016-01-16 15:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 21:04 - 2015-07-10 21:02 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3501963414-2174363898-4230124818-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucas\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{3cef7c7b-c5a1-4eef-a16d-32481575faf8}.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3501963414-2174363898-4230124818-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3501963414-2174363898-4230124818-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BE651E8D-AAF0-4796-9410-449D68C043C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4DDD485-949F-436B-B02A-650A738C47D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4934ED36-6598-4680-8B2B-E988B980DC6B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8C1C8EA-9B45-44D5-9438-0E006D6D73CF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{772C918A-FF10-4DB6-A0A6-293F5FC60373}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A54CCF97-CEB2-4003-A0FC-35F11E2B99ED}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{AEAAA947-B2C8-4A95-A279-842F1038B215}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{52E43FC6-1604-4B87-8F83-8291E69675B6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{AEE2B46C-BE91-4E7F-9E12-FA1271A130B4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 

==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/04/2016 06:34:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (04/04/2016 12:46:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
 
Error: (04/04/2016 12:44:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (04/04/2016 10:25:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000602
Fault offset: 0x000000000018d8cb
Faulting process id: 0x12cc
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (04/03/2016 06:34:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (04/03/2016 04:34:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NSBU.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc000041d
Fault offset: 0x000ba323
Faulting process id: 0x1600
Faulting application start time: 0xNSBU.exe0
Faulting application path: NSBU.exe1
Faulting module path: NSBU.exe2
Report Id: NSBU.exe3
Faulting package full name: NSBU.exe4
Faulting package-relative application ID: NSBU.exe5
 
Error: (04/03/2016 04:34:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NSBU.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc0000005
Fault offset: 0x000ba323
Faulting process id: 0x1600
Faulting application start time: 0xNSBU.exe0
Faulting application path: NSBU.exe1
Faulting module path: NSBU.exe2
Report Id: NSBU.exe3
Faulting package full name: NSBU.exe4
Faulting package-relative application ID: NSBU.exe5
 
Error: (04/03/2016 04:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NSBU.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc0000005
Fault offset: 0x000ba323
Faulting process id: 0xde0
Faulting application start time: 0xNSBU.exe0
Faulting application path: NSBU.exe1
Faulting module path: NSBU.exe2
Report Id: NSBU.exe3
Faulting package full name: NSBU.exe4
Faulting package-relative application ID: NSBU.exe5
 
Error: (04/03/2016 11:58:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10586.11, time stamp: 0x56457cb1
Faulting module name: DataSenseHandlers.dll, version: 10.0.10586.0, time stamp: 0x5632d62f
Exception code: 0xc0000005
Fault offset: 0x00000000000199c6
Faulting process id: 0x878
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5
 
Error: (04/02/2016 09:19:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 

System errors:
=============
Error: (04/04/2016 08:30:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (04/04/2016 08:30:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 

CodeIntegrity:
===================================
  Date: 2016-03-30 16:35:01.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-23 22:45:25.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-17 14:43:10.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-16 18:34:16.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-16 18:09:07.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-12 15:26:32.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-12 09:59:43.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 21:06:50.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-10 21:50:52.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 20:41:02.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8115.96 MB
Available physical RAM: 5658.53 MB
Total Virtual: 9395.96 MB
Available Virtual: 7149.47 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:165.57 GB) (Free:122.6 GB) NTFS
Drive d: (My Files) (Fixed) (Total:30 GB) (Free:28.86 GB) NTFS
Drive v: (VM) (Fixed) (Total:40 GB) (Free:19.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by lucas (ATTENTION: The user is not administrator) on LUCAS-SURFACE (05-04-2016 12:27:03)
Running from C:\Users\lucas\Downloads
Loaded Profiles: lucas & Lucas Standard (Available Profiles: lucas & Lucas Standard)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> IntelCpHeciSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nsbu.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbamservice.exe
Failed to access process -> dasHost.exe
Failed to access process -> mbae64.exe
Failed to access process -> conhost.exe
Failed to access process -> WmiPrvSE.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Failed to access process -> SearchIndexer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> taskeng.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKU\S-1-5-21-3501963414-2174363898-4230124818-1001\...\RunOnce: [Uninstall C:\Users\lucas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lucas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{b9a7f973-c8d5-4975-a9dc-fa6a06e74918}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKU\S-1-5-21-3501963414-2174363898-4230124818-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com.au/
URLSearchHook: [S-1-5-21-3501963414-2174363898-4230124818-1002] ATTENTION => Default URLSearchHook is missing
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
 
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3501963414-2174363898-4230124818-1001 -> hxxps://google.com.au/
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
 
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-28]
CHR Extension: (Google Docs) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-28]
CHR Extension: (Google Drive) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Google Search) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Google Sheets) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-28]
CHR Extension: (Gmail) - C:\Users\lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [614376 2016-02-04] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365032 2016-02-04] (Intel Corporation)
R3 lmhosts; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NlaSvc; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160401.001\BHDrvx64.sys [1766640 2016-03-10] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-24] (Symantec Corporation)
S3 CSI2HostControllerDriver; C:\Windows\System32\drivers\CSI2HostControllerDriver.sys [106792 2015-09-25] (Intel(R) Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
S3 iacamera64; C:\Windows\system32\DRIVERS\iacamera64.sys [2055160 2015-09-25] (Intel(R) Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [83768 2016-01-23] (Windows (R) Win 7 DDK provider)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-01-23] (Intel Corporation)
S3 iaLPSS2_SPI; C:\Windows\System32\drivers\iaLPSS2_SPI.sys [152360 2015-09-25] (Intel Corporation)
S3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2015-09-25] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160401.001\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [201808 2016-02-11] (Intel(R) Corporation)
R3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [623184 2016-02-11] (Intel(R) Corporation)
R3 IntTouch; C:\Windows\System32\drivers\iaPreciseTouch.sys [260624 2015-11-24] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194104 2015-12-30] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1050120 2015-12-07] (Marvell Semiconductors Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160403.008\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160403.008\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
S3 ov5693; C:\Windows\System32\drivers\ov5693.sys [135984 2015-09-25] (Intel(R) Corporation)
S3 ov7251; C:\Windows\System32\drivers\ov7251.sys [127224 2015-09-25] (Intel Corporation)
S3 ov8865; C:\Windows\System32\drivers\ov8865.sys [132912 2015-09-25] (Intel Corporation)
S3 SkcController; C:\Windows\System32\drivers\SkcController.sys [121064 2015-09-25] (Intel(R) Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-24] (Symantec Corporation)
S3 supportdriver; C:\Windows\System32\drivers\iaisp64.sys [24056 2015-09-25] (Intel(R) Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [70264 2015-09-25] (Microsoft Corporation)
R3 SurfaceButton; C:\Windows\System32\drivers\SurfaceButton.sys [85272 2015-09-25] (Microsoft Corporation)
R3 SurfaceCoSAR; C:\Windows\System32\drivers\SurfaceCoSAR.sys [52888 2015-09-25] (Microsoft Corporation)
R3 SurfaceDigitizerIntegration; C:\Windows\System32\drivers\SurfaceDigitizerIntegration.sys [58504 2015-09-25] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [51344 2015-11-20] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [73872 2015-10-27] (Microsoft Corporation)
S3 SurfacePenClickFilter; C:\Windows\System32\drivers\SurfacePenClickFilter.sys [56984 2015-09-25] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [104600 2015-10-30] (Microsoft Corporation)
S3 SurfacePenIntegration; C:\Windows\System32\drivers\SurfacePenIntegration.sys [61464 2015-09-25] (Microsoft Corporation)
R3 SurfacePro4TypeCoverIntegration; C:\Windows\System32\drivers\SurfacePro4TypeCoverIntegration.sys [59448 2015-09-25] (Microsoft Corporation)
R3 SurfaceStorageFwUpdate; C:\Windows\System32\drivers\SurfaceStorageFwUpdate.sys [2813592 2015-10-27] (Microsoft Corporation)
R3 SurfaceSystemTelemetryDriver; C:\Windows\System32\drivers\SurfaceSystemTelemetryDriver.sys [64000 2015-09-25] (Microsoft Corporation)
R3 SurfaceTouchServicingML; C:\Windows\System32\drivers\SurfaceTouchServicingML.sys [67744 2015-10-23] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [58896 2015-09-25] (Microsoft Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-24] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-05 12:27 - 2016-04-05 12:27 - 00018839 _____ C:\Users\lucas\Downloads\FRST.txt
2016-04-05 12:26 - 2016-04-05 12:27 - 00000000 ____D C:\FRST
2016-04-05 12:24 - 2016-04-05 12:26 - 02374144 _____ (Farbar) C:\Users\lucas\Downloads\FRST64.exe
2016-04-05 12:15 - 2016-04-05 12:16 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\lucas\Downloads\rkill.exe
2016-04-04 10:18 - 2016-04-04 10:18 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\lucas\Desktop\procexp.exe
2016-04-04 09:47 - 2016-04-04 09:47 - 01270466 _____ C:\Users\lucas\Downloads\ProcessExplorer.zip
2016-04-03 16:21 - 2016-04-04 20:09 - 00972028 _____ C:\WINDOWS\ntbtlog.txt
2016-04-03 12:20 - 2016-04-03 12:24 - 123614992 _____ (Microsoft Corporation) C:\Users\lucas\Downloads\msert.exe
2016-04-02 16:08 - 2016-04-03 17:16 - 00000000 ____D C:\Users\lucas\Desktop\Finished and Savedto USB
2016-04-02 13:18 - 2016-04-02 13:18 - 00000000 ____D C:\Users\lucas\.oracle_jre_usage
2016-04-01 13:45 - 2016-04-01 13:45 - 00477215 _____ C:\Users\lucas\Desktop\Diploma Team Case Study Template - Copy1.pdf
2016-03-31 12:13 - 2016-03-31 12:13 - 00000000 ____D C:\Users\lucas\Downloads\575 Wallpapers
2016-03-30 13:23 - 2016-03-30 13:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-29 12:20 - 2016-03-17 18:20 - 01059157 _____ C:\Users\lucas\Desktop\******** (Old Version).vsdx
2016-03-27 18:04 - 2016-03-27 20:49 - 119148544 _____ C:\Users\lucas\Downloads\Win10_1511_1_English_x64 (1).iso
2016-03-26 18:44 - 2016-03-26 18:44 - 00307200 _____ (Secure By Design Inc.) C:\Users\lucas\Downloads\Ninite Malwarebytes WinRAR Installer.exe
2016-03-22 21:51 - 2016-03-22 21:51 - 00000106 _____ C:\Users\lucas\Desktop\StartVMwareServices.bat
2016-03-20 13:49 - 2016-02-18 20:52 - 02529671 ____X C:\Users\lucas\Desktop\01-Intro2IOS.pptx
2016-03-19 13:08 - 2016-04-04 13:17 - 01051531 _____ C:\Users\lucas\Desktop\********.vsdx
2016-03-19 12:57 - 2016-03-19 13:01 - 00147197 _____ C:\WINDOWS\system32\sleepstudy-report.html
2016-03-19 12:55 - 2016-03-19 12:55 - 00062480 _____ C:\WINDOWS\system32\battery-report.html
2016-03-19 12:29 - 2016-04-01 14:48 - 00930449 _____ C:\Users\lucas\Desktop\FP Template.vsdx
2016-03-17 20:45 - 2016-03-17 20:45 - 00103815 _____ C:\Users\lucas\Desktop\Server Rack Diagram.vsdx
2016-03-17 17:57 - 2016-03-17 18:03 - 01014457 _____ C:\Users\lucas\Desktop\************ (old Version).vsdx
2016-03-17 17:53 - 2016-03-17 17:52 - 01026538 _____ C:\Users\lucas\Desktop\**************(Old Version).vsdx
2016-03-16 20:30 - 2016-03-17 18:14 - 00375953 _____ C:\Users\lucas\Desktop\Network Device Layout.vsdx
2016-03-16 20:30 - 2016-03-16 12:31 - 00164902 _____ C:\Users\lucas\Desktop\************.vsdx
2016-03-16 17:08 - 2016-03-16 17:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-12 10:00 - 2016-03-12 10:00 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-10 11:47 - 2016-03-01 15:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-10 11:47 - 2016-03-01 15:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-10 11:47 - 2016-02-24 19:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-10 11:47 - 2016-02-24 19:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-10 11:47 - 2016-02-24 19:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-10 11:47 - 2016-02-24 19:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-10 11:47 - 2016-02-24 19:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-10 11:47 - 2016-02-24 19:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-10 11:47 - 2016-02-24 19:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-10 11:47 - 2016-02-24 19:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-10 11:47 - 2016-02-24 18:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-10 11:47 - 2016-02-24 18:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-10 11:47 - 2016-02-24 18:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-10 11:47 - 2016-02-24 18:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-10 11:47 - 2016-02-24 18:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-10 11:47 - 2016-02-24 18:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-10 11:47 - 2016-02-24 18:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-10 11:47 - 2016-02-24 18:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-10 11:47 - 2016-02-24 18:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-10 11:47 - 2016-02-24 18:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-10 11:47 - 2016-02-24 18:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-10 11:47 - 2016-02-24 18:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-10 11:47 - 2016-02-24 18:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-10 11:47 - 2016-02-24 18:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-10 11:47 - 2016-02-24 18:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-10 11:47 - 2016-02-24 18:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-10 11:47 - 2016-02-24 18:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-10 11:47 - 2016-02-24 18:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-10 11:47 - 2016-02-24 18:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-10 11:47 - 2016-02-24 18:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-10 11:47 - 2016-02-24 18:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-10 11:47 - 2016-02-24 17:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-10 11:47 - 2016-02-24 17:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 17:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-10 11:47 - 2016-02-24 17:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-10 11:47 - 2016-02-24 17:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-10 11:47 - 2016-02-24 17:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-10 11:47 - 2016-02-24 17:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-10 11:47 - 2016-02-24 17:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-10 11:47 - 2016-02-24 17:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-10 11:47 - 2016-02-24 17:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-10 11:47 - 2016-02-24 17:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-10 11:47 - 2016-02-24 17:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-10 11:47 - 2016-02-24 17:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-10 11:47 - 2016-02-24 17:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-10 11:47 - 2016-02-24 17:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-10 11:47 - 2016-02-24 17:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-10 11:47 - 2016-02-24 17:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-10 11:47 - 2016-02-24 17:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-10 11:47 - 2016-02-24 17:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 17:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-10 11:47 - 2016-02-24 17:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-10 11:47 - 2016-02-24 17:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-10 11:47 - 2016-02-24 17:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-10 11:47 - 2016-02-24 17:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-10 11:47 - 2016-02-24 17:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-10 11:47 - 2016-02-24 17:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-10 11:47 - 2016-02-24 17:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-10 11:47 - 2016-02-24 17:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-10 11:47 - 2016-02-24 17:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-10 11:47 - 2016-02-24 17:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-10 11:47 - 2016-02-24 17:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-10 11:47 - 2016-02-24 17:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-10 11:47 - 2016-02-24 17:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-10 11:47 - 2016-02-24 17:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-10 11:47 - 2016-02-24 17:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-10 11:47 - 2016-02-24 17:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-10 11:47 - 2016-02-24 17:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-10 11:47 - 2016-02-24 17:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-10 11:47 - 2016-02-24 17:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-10 11:47 - 2016-02-24 17:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-10 11:47 - 2016-02-24 17:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-10 11:47 - 2016-02-24 16:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-10 11:47 - 2016-02-24 16:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-10 11:47 - 2016-02-24 16:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-10 11:47 - 2016-02-24 16:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-10 11:47 - 2016-02-24 16:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-10 11:47 - 2016-02-24 16:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-10 11:47 - 2016-02-24 16:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-10 11:47 - 2016-02-24 16:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-10 11:47 - 2016-02-24 16:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-10 11:47 - 2016-02-24 16:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-10 11:47 - 2016-02-24 16:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 16:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-10 11:47 - 2016-02-24 16:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-10 11:47 - 2016-02-24 16:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-10 11:47 - 2016-02-24 16:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-10 11:47 - 2016-02-24 16:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-10 11:47 - 2016-02-24 16:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-10 11:47 - 2016-02-24 16:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-10 11:47 - 2016-02-24 16:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-10 11:47 - 2016-02-24 16:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-10 11:47 - 2016-02-24 16:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-10 11:47 - 2016-02-24 16:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-10 11:47 - 2016-02-24 16:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-10 11:47 - 2016-02-24 16:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-10 11:47 - 2016-02-24 16:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-10 11:47 - 2016-02-24 16:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-10 11:47 - 2016-02-24 16:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-10 11:47 - 2016-02-24 16:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 16:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-10 11:47 - 2016-02-24 16:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-10 11:47 - 2016-02-24 16:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-10 11:47 - 2016-02-24 16:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-10 11:47 - 2016-02-24 16:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-10 11:47 - 2016-02-24 16:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-10 11:47 - 2016-02-24 16:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-10 11:47 - 2016-02-24 16:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-10 11:47 - 2016-02-24 16:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-10 11:47 - 2016-02-24 16:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-10 11:47 - 2016-02-24 16:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-10 11:47 - 2016-02-24 16:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-10 11:47 - 2016-02-24 16:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-10 11:47 - 2016-02-24 16:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-10 11:47 - 2016-02-24 16:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-10 11:47 - 2016-02-24 16:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-10 11:47 - 2016-02-24 16:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-10 11:47 - 2016-02-24 16:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-10 11:47 - 2016-02-24 16:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-10 11:47 - 2016-02-24 16:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-10 11:47 - 2016-02-24 16:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-10 11:47 - 2016-02-24 16:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-10 11:47 - 2016-02-24 16:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-10 11:47 - 2016-02-24 16:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-10 11:47 - 2016-02-24 16:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-10 11:47 - 2016-02-24 16:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-10 11:47 - 2016-02-24 16:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-10 11:47 - 2016-02-24 16:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-10 11:47 - 2016-02-24 16:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-10 11:47 - 2016-02-24 16:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-10 11:47 - 2016-02-24 16:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-10 11:47 - 2016-02-24 16:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-10 11:47 - 2016-02-24 16:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-10 11:47 - 2016-02-24 16:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-10 11:47 - 2016-02-24 16:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-10 11:47 - 2016-02-24 16:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-10 11:47 - 2016-02-24 16:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-10 11:47 - 2016-02-24 15:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-10 11:47 - 2016-02-24 15:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-10 11:47 - 2016-02-24 15:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-10 11:47 - 2016-02-24 15:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-10 11:47 - 2016-02-24 15:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-10 11:47 - 2016-02-24 15:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-10 11:47 - 2016-02-24 15:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-10 11:47 - 2016-02-24 15:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-10 11:47 - 2016-02-24 15:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 11:47 - 2016-02-24 15:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-10 11:47 - 2016-02-24 15:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-10 11:47 - 2016-02-24 15:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-10 11:47 - 2016-02-24 15:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-10 11:47 - 2016-02-24 14:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-10 11:47 - 2016-02-24 14:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-05 12:17 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-05 12:17 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-05 12:13 - 2015-10-31 16:59 - 00838508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-05 12:13 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-05 12:10 - 2016-02-28 21:13 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-05 12:10 - 2016-01-05 17:19 - 00000000 ____D C:\Users\Lucas Standard
2016-04-05 12:09 - 2016-01-04 23:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-05 12:09 - 2016-01-04 23:31 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-04 20:30 - 2016-01-04 23:32 - 00000000 ____D C:\Users\lucas
2016-04-04 19:37 - 2016-01-26 10:44 - 00001136 _____ C:\Users\lucas\Desktop\nativelog.txt
2016-04-04 19:36 - 2016-01-06 19:29 - 00000000 ____D C:\Users\lucas\AppData\Roaming\.minecraft
2016-04-04 18:46 - 2016-01-04 23:29 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-04 12:08 - 2016-01-06 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-04 10:24 - 2016-02-15 17:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-03 16:16 - 2015-10-30 17:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-03 11:58 - 2016-01-07 14:44 - 00000000 ____D C:\Users\lucas\AppData\Local\CrashDumps
2016-04-03 11:44 - 2016-01-08 19:04 - 00000000 ____D C:\Users\lucas\AppData\Roaming\VMware
2016-04-03 11:44 - 2016-01-08 19:04 - 00000000 ____D C:\Users\lucas\AppData\Local\VMware
2016-03-29 11:40 - 2016-01-04 18:49 - 00000000 ____D C:\Users\lucas\AppData\Local\Packages
2016-03-27 20:59 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 13:07 - 2016-01-06 18:54 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-24 13:07 - 2016-01-06 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-24 13:07 - 2016-01-06 18:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-20 16:10 - 2016-01-08 19:01 - 00000000 ____D C:\ProgramData\VMware
2016-03-20 13:46 - 2016-01-06 18:46 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-17 14:29 - 2015-10-31 17:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-17 14:28 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-16 17:06 - 2016-01-06 19:23 - 00002555 _____ C:\Users\Public\Desktop\Norton Security with Backup.LNK
2016-03-16 17:06 - 2016-01-06 19:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-03-16 17:06 - 2016-01-06 19:23 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-03-12 21:43 - 2015-10-31 16:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-12 10:00 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 09:59 - 2016-02-16 18:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-10 21:50 - 2016-01-04 23:29 - 00332240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 14:09 - 2016-01-06 18:54 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-01-06 18:54 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-01-06 18:54 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-10 11:49 - 2016-01-04 19:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 11:48 - 2016-01-04 19:36 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 17:12 - 2015-10-30 17:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 17:12 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
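The FRST excerpt above ends with a BCD warning because it was taken from a non-administrator account, so its "Bamital & volsnap" signature checks are worth repeating elevated. What follows is an added example, not part of this thread and not FRST's own code, that reproduces that kind of check with built-in PowerShell cmdlets: it verifies the Authenticode or catalog signature of the same core binaries (with kernel32.dll added as one more load-bearing system DLL), confirms the signer is the expected publisher, and emits each file's SHA-256 so it can be looked up on VirusTotal by hash instead of uploading the file. The file list and the publisher allow-list are assumptions chosen for illustration; run it from an elevated PowerShell on the affected Windows 10 host.

```powershell
# Added example (not from the thread or from FRST): re-check signatures of core
# Windows binaries and print SHA-256 hashes for VirusTotal lookup.
# Assumptions: elevated PowerShell on Windows 10; the file list and the
# allow-listed publisher names below are illustrative.

$files = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\System32\kernel32.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

# Publisher CNs we expect on in-box Windows files (assumption for this example).
$trustedPublishers = @("Microsoft Corporation", "Microsoft Windows")

foreach ($f in $files) {
    if (-not (Test-Path -Path $f)) {
        Write-Output ("{0,-34} {1}" -f "MISSING", $f)
        continue
    }

    # Get-AuthenticodeSignature checks embedded signatures and, on Windows 10,
    # catalog signatures as well; SignatureType tells you which one matched.
    $sig    = Get-AuthenticodeSignature -FilePath $f
    $hash   = (Get-FileHash -Path $f -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "(none)" }

    $verdict = switch ($sig.Status) {
        "Valid" {
            if ($trustedPublishers | Where-Object { $signer -like "*CN=$_*" }) {
                "OK ($($sig.SignatureType))"
            } else {
                "SIGNED-BY-UNEXPECTED-PUBLISHER"
            }
        }
        "NotSigned"    { "UNSIGNED" }
        "HashMismatch" { "TAMPERED (bytes no longer match signature)" }
        default        { "CHECK ($($sig.Status))" }
    }

    Write-Output ("{0,-34} {1}  {2}" -f $verdict, $hash, $f)
    Write-Output ("    signer: {0}" -f $signer)
}
```

A Status of Valid with a Microsoft signer and SignatureType Catalog is the normal state for in-box Windows binaries. HashMismatch is the result a file infector would produce, since the file's bytes would no longer match what was signed; that is the outcome to look for before treating a single-engine VirusTotal hit on a signed system file as real. Pasting the printed SHA-256 into VirusTotal's hash search shows whether the exact bytes on this machine are the ones the engine flagged, without uploading anything from the host.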

Did you run RKILL before Malwarebytes and FRST? Can I see that log? FRST has been run from an ordinary account; it must be run from an account with admin status.....

Can you start over, please: boot to an account with admin status, re-run RKILL, Malwarebytes and FRST, and post those logs....


Sorry about that, I forgot to attach the RKILL log. Here it is, scanned from my admin account :)

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/05/2016 07:01:54 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Browser [Missing Service]
 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * mrxsmb10 [Missing Service]
 * netvsc [Missing Service]
 * srv [Missing Service]
 * wfpcapture [Missing Service]
 * workfolderssvc [Missing Service]

 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/05/2016 07:01:59 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/04/2016
Scan Time: 7:06 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.05.02
Rootkit Database: v2016.04.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Lucas Standard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386531
Time Elapsed: 4 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lucas Standard (administrator) on LUCAS-SURFACE (05-04-2016 19:26:09)
Running from C:\Users\lucas\Downloads
Loaded Profiles: Lucas Standard (Available Profiles: lucas & Lucas Standard)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{b9a7f973-c8d5-4975-a9dc-fa6a06e74918}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [614376 2016-02-04] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365032 2016-02-04] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160401.001\BHDrvx64.sys [1766640 2016-03-10] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-24] (Symantec Corporation)
S3 CSI2HostControllerDriver; C:\Windows\System32\drivers\CSI2HostControllerDriver.sys [106792 2015-09-25] (Intel(R) Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
S3 iacamera64; C:\Windows\system32\DRIVERS\iacamera64.sys [2055160 2015-09-25] (Intel(R) Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [83768 2016-01-23] (Windows (R) Win 7 DDK provider)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-01-23] (Intel Corporation)
S3 iaLPSS2_SPI; C:\Windows\System32\drivers\iaLPSS2_SPI.sys [152360 2015-09-25] (Intel Corporation)
S3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2015-09-25] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160404.001\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [201808 2016-02-11] (Intel(R) Corporation)
R3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [623184 2016-02-11] (Intel(R) Corporation)
R3 IntTouch; C:\Windows\System32\drivers\iaPreciseTouch.sys [260624 2015-11-24] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194104 2015-12-30] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1050120 2015-12-07] (Marvell Semiconductors Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160404.021\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160404.021\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
S3 ov5693; C:\Windows\System32\drivers\ov5693.sys [135984 2015-09-25] (Intel(R) Corporation)
S3 ov7251; C:\Windows\System32\drivers\ov7251.sys [127224 2015-09-25] (Intel Corporation)
S3 ov8865; C:\Windows\System32\drivers\ov8865.sys [132912 2015-09-25] (Intel Corporation)
S3 SkcController; C:\Windows\System32\drivers\SkcController.sys [121064 2015-09-25] (Intel(R) Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-24] (Symantec Corporation)
S3 supportdriver; C:\Windows\System32\drivers\iaisp64.sys [24056 2015-09-25] (Intel(R) Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [70264 2015-09-25] (Microsoft Corporation)
R3 SurfaceButton; C:\Windows\System32\drivers\SurfaceButton.sys [85272 2015-09-25] (Microsoft Corporation)
R3 SurfaceCoSAR; C:\Windows\System32\drivers\SurfaceCoSAR.sys [52888 2015-09-25] (Microsoft Corporation)
R3 SurfaceDigitizerIntegration; C:\Windows\System32\drivers\SurfaceDigitizerIntegration.sys [58504 2015-09-25] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [51344 2015-11-20] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [73872 2015-10-27] (Microsoft Corporation)
S3 SurfacePenClickFilter; C:\Windows\System32\drivers\SurfacePenClickFilter.sys [56984 2015-09-25] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [104600 2015-10-30] (Microsoft Corporation)
S3 SurfacePenIntegration; C:\Windows\System32\drivers\SurfacePenIntegration.sys [61464 2015-09-25] (Microsoft Corporation)
R3 SurfacePro4TypeCoverIntegration; C:\Windows\System32\drivers\SurfacePro4TypeCoverIntegration.sys [59448 2015-09-25] (Microsoft Corporation)
R3 SurfaceStorageFwUpdate; C:\Windows\System32\drivers\SurfaceStorageFwUpdate.sys [2813592 2015-10-27] (Microsoft Corporation)
R3 SurfaceSystemTelemetryDriver; C:\Windows\System32\drivers\SurfaceSystemTelemetryDriver.sys [64000 2015-09-25] (Microsoft Corporation)
R3 SurfaceTouchServicingML; C:\Windows\System32\drivers\SurfaceTouchServicingML.sys [67744 2015-10-23] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [58896 2015-09-25] (Microsoft Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-24] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 16:57 - 2016-04-05 16:40 - 01083502 _____ C:\Users\lucas\Desktop\*********Copy.vsdx
2016-04-05 12:27 - 2016-04-05 19:26 - 00014860 _____ C:\Users\lucas\Downloads\FRST.txt
2016-04-05 12:26 - 2016-04-05 19:26 - 00000000 ____D C:\FRST
2016-04-05 12:24 - 2016-04-05 12:26 - 02374144 _____ (Farbar) C:\Users\lucas\Downloads\FRST64.exe
2016-04-05 12:16 - 2016-04-05 19:01 - 00003376 _____ C:\Users\Lucas Standard\Desktop\Rkill.txt
2016-04-05 12:15 - 2016-04-05 12:16 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\lucas\Downloads\rkill.exe
2016-04-04 10:18 - 2016-04-04 10:18 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\lucas\Desktop\procexp.exe
2016-04-04 09:47 - 2016-04-04 09:47 - 01270466 _____ C:\Users\lucas\Downloads\ProcessExplorer.zip
2016-04-03 16:21 - 2016-04-04 20:09 - 00972028 _____ C:\WINDOWS\ntbtlog.txt
2016-04-03 12:20 - 2016-04-03 12:24 - 123614992 _____ (Microsoft Corporation) C:\Users\lucas\Downloads\msert.exe
2016-04-03 12:13 - 2016-04-03 12:13 - 00002154 _____ C:\Users\Lucas Standard\Desktop\norton.txt
2016-04-02 16:08 - 2016-04-05 18:51 - 00000000 ____D C:\Users\lucas\Desktop\Finished and Savedto USB
2016-04-02 13:18 - 2016-04-02 13:18 - 00000000 ____D C:\Users\lucas\.oracle_jre_usage
2016-04-01 13:45 - 2016-04-01 13:45 - 00477215 _____ C:\Users\lucas\Desktop\Diploma Team Case Study Template - Copy1.pdf
2016-03-31 12:13 - 2016-03-31 12:13 - 00000000 ____D C:\Users\lucas\Downloads\575 Wallpapers
2016-03-30 13:23 - 2016-03-30 13:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-29 12:20 - 2016-03-17 18:20 - 01059157 _____ C:\Users\lucas\Desktop\********* (Old Version).vsdx
2016-03-27 18:04 - 2016-03-27 20:49 - 119148544 _____ C:\Users\lucas\Downloads\Win10_1511_1_English_x64 (1).iso
2016-03-26 18:44 - 2016-03-26 18:44 - 00307200 _____ (Secure By Design Inc.) C:\Users\lucas\Downloads\Ninite Malwarebytes WinRAR Installer.exe
2016-03-22 21:51 - 2016-03-22 21:51 - 00000106 _____ C:\Users\lucas\Desktop\StartVMwareServices.bat
2016-03-20 13:49 - 2016-02-18 20:52 - 02529671 ____X C:\Users\lucas\Desktop\01-Intro2IOS.pptx
2016-03-19 12:57 - 2016-03-19 13:01 - 00147197 _____ C:\WINDOWS\system32\sleepstudy-report.html
2016-03-19 12:55 - 2016-03-19 12:55 - 00062480 _____ C:\WINDOWS\system32\battery-report.html
2016-03-19 12:29 - 2016-04-01 14:48 - 00930449 _____ C:\Users\lucas\Desktop\FP Template.vsdx
2016-03-17 20:45 - 2016-03-17 20:45 - 00103815 _____ C:\Users\lucas\Desktop\Server Rack Diagram.vsdx
2016-03-17 17:57 - 2016-03-17 18:03 - 01014457 _____ C:\Users\lucas\Desktop\********* (old Version).vsdx
2016-03-17 17:53 - 2016-03-17 17:52 - 01026538 _____ C:\Users\lucas\Desktop\********* (Old Version).vsdx
2016-03-16 20:30 - 2016-03-17 18:14 - 00375953 _____ C:\Users\lucas\Desktop\Network Device Layout.vsdx
2016-03-16 20:30 - 2016-03-16 12:31 - 00164902 _____ C:\Users\lucas\Desktop\*********.vsdx
2016-03-16 17:22 - 2016-03-16 17:22 - 00001058 _____ C:\Users\Lucas Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-03-16 17:11 - 2016-04-05 16:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2016-03-16 17:08 - 2016-03-16 17:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-16 17:08 - 2016-03-16 17:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-16 17:06 - 2016-03-16 17:06 - 00003412 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-12 21:46 - 2016-03-12 21:46 - 00001145 _____ C:\Users\Lucas Standard\Desktop\nativelog.txt
2016-03-12 21:46 - 2016-03-12 21:46 - 00000000 ____D C:\Users\Lucas Standard\AppData\Roaming\java
2016-03-12 21:46 - 2016-03-12 21:46 - 00000000 ____D C:\Users\Lucas Standard\AppData\Roaming\.minecraft
2016-03-12 10:00 - 2016-03-12 10:00 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-10 11:47 - 2016-03-01 15:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-10 11:47 - 2016-03-01 15:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-10 11:47 - 2016-02-24 19:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-10 11:47 - 2016-02-24 19:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-10 11:47 - 2016-02-24 19:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-10 11:47 - 2016-02-24 19:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-10 11:47 - 2016-02-24 19:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-10 11:47 - 2016-02-24 19:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-10 11:47 - 2016-02-24 19:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-10 11:47 - 2016-02-24 19:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-10 11:47 - 2016-02-24 18:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-10 11:47 - 2016-02-24 18:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-10 11:47 - 2016-02-24 18:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-10 11:47 - 2016-02-24 18:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-10 11:47 - 2016-02-24 18:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-10 11:47 - 2016-02-24 18:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-10 11:47 - 2016-02-24 18:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-10 11:47 - 2016-02-24 18:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-10 11:47 - 2016-02-24 18:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-10 11:47 - 2016-02-24 18:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-10 11:47 - 2016-02-24 18:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-10 11:47 - 2016-02-24 18:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-10 11:47 - 2016-02-24 18:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-10 11:47 - 2016-02-24 18:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-10 11:47 - 2016-02-24 18:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-10 11:47 - 2016-02-24 18:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-10 11:47 - 2016-02-24 18:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-10 11:47 - 2016-02-24 18:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-10 11:47 - 2016-02-24 18:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-10 11:47 - 2016-02-24 18:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-10 11:47 - 2016-02-24 18:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-10 11:47 - 2016-02-24 17:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-10 11:47 - 2016-02-24 17:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 17:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-10 11:47 - 2016-02-24 17:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-10 11:47 - 2016-02-24 17:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-10 11:47 - 2016-02-24 17:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-10 11:47 - 2016-02-24 17:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-10 11:47 - 2016-02-24 17:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-10 11:47 - 2016-02-24 17:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-10 11:47 - 2016-02-24 17:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-10 11:47 - 2016-02-24 17:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-10 11:47 - 2016-02-24 17:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-10 11:47 - 2016-02-24 17:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-10 11:47 - 2016-02-24 17:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-10 11:47 - 2016-02-24 17:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-10 11:47 - 2016-02-24 17:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-10 11:47 - 2016-02-24 17:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-10 11:47 - 2016-02-24 17:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-10 11:47 - 2016-02-24 17:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 17:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-10 11:47 - 2016-02-24 17:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-10 11:47 - 2016-02-24 17:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-10 11:47 - 2016-02-24 17:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-10 11:47 - 2016-02-24 17:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-10 11:47 - 2016-02-24 17:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-10 11:47 - 2016-02-24 17:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-10 11:47 - 2016-02-24 17:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-10 11:47 - 2016-02-24 17:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-10 11:47 - 2016-02-24 17:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-10 11:47 - 2016-02-24 17:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-10 11:47 - 2016-02-24 17:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-10 11:47 - 2016-02-24 17:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-10 11:47 - 2016-02-24 17:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-10 11:47 - 2016-02-24 17:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-10 11:47 - 2016-02-24 17:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-10 11:47 - 2016-02-24 17:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-10 11:47 - 2016-02-24 17:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-10 11:47 - 2016-02-24 17:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-10 11:47 - 2016-02-24 17:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-10 11:47 - 2016-02-24 17:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-10 11:47 - 2016-02-24 17:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-10 11:47 - 2016-02-24 16:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-10 11:47 - 2016-02-24 16:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-10 11:47 - 2016-02-24 16:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-10 11:47 - 2016-02-24 16:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-10 11:47 - 2016-02-24 16:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-10 11:47 - 2016-02-24 16:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-10 11:47 - 2016-02-24 16:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-10 11:47 - 2016-02-24 16:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-10 11:47 - 2016-02-24 16:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-10 11:47 - 2016-02-24 16:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-10 11:47 - 2016-02-24 16:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 16:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-10 11:47 - 2016-02-24 16:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-10 11:47 - 2016-02-24 16:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-10 11:47 - 2016-02-24 16:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-10 11:47 - 2016-02-24 16:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-10 11:47 - 2016-02-24 16:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-10 11:47 - 2016-02-24 16:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-10 11:47 - 2016-02-24 16:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-10 11:47 - 2016-02-24 16:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-10 11:47 - 2016-02-24 16:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-10 11:47 - 2016-02-24 16:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-10 11:47 - 2016-02-24 16:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-10 11:47 - 2016-02-24 16:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-10 11:47 - 2016-02-24 16:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-10 11:47 - 2016-02-24 16:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-10 11:47 - 2016-02-24 16:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-10 11:47 - 2016-02-24 16:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-10 11:47 - 2016-02-24 16:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-10 11:47 - 2016-02-24 16:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-10 11:47 - 2016-02-24 16:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-10 11:47 - 2016-02-24 16:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-10 11:47 - 2016-02-24 16:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-10 11:47 - 2016-02-24 16:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-10 11:47 - 2016-02-24 16:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-10 11:47 - 2016-02-24 16:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-10 11:47 - 2016-02-24 16:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-10 11:47 - 2016-02-24 16:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-10 11:47 - 2016-02-24 16:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-10 11:47 - 2016-02-24 16:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-10 11:47 - 2016-02-24 16:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-10 11:47 - 2016-02-24 16:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-10 11:47 - 2016-02-24 16:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-10 11:47 - 2016-02-24 16:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-10 11:47 - 2016-02-24 16:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-10 11:47 - 2016-02-24 16:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-10 11:47 - 2016-02-24 16:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-10 11:47 - 2016-02-24 16:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-10 11:47 - 2016-02-24 16:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-10 11:47 - 2016-02-24 16:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-10 11:47 - 2016-02-24 16:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-10 11:47 - 2016-02-24 16:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-10 11:47 - 2016-02-24 16:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-10 11:47 - 2016-02-24 16:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-10 11:47 - 2016-02-24 16:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-10 11:47 - 2016-02-24 16:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-10 11:47 - 2016-02-24 16:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-10 11:47 - 2016-02-24 16:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-10 11:47 - 2016-02-24 16:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-10 11:47 - 2016-02-24 16:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-10 11:47 - 2016-02-24 16:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-10 11:47 - 2016-02-24 16:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-10 11:47 - 2016-02-24 16:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-10 11:47 - 2016-02-24 16:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-10 11:47 - 2016-02-24 16:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-10 11:47 - 2016-02-24 16:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-10 11:47 - 2016-02-24 15:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-10 11:47 - 2016-02-24 15:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-10 11:47 - 2016-02-24 15:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-10 11:47 - 2016-02-24 15:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-10 11:47 - 2016-02-24 15:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-10 11:47 - 2016-02-24 15:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-10 11:47 - 2016-02-24 15:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-10 11:47 - 2016-02-24 15:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-10 11:47 - 2016-02-24 15:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 11:47 - 2016-02-24 15:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-10 11:47 - 2016-02-24 15:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-10 11:47 - 2016-02-24 15:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-10 11:47 - 2016-02-24 15:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-10 11:47 - 2016-02-24 14:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-10 11:47 - 2016-02-24 14:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 18:59 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-05 18:58 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-05 18:52 - 2016-02-15 17:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-05 18:11 - 2016-01-06 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-05 14:51 - 2016-01-04 23:29 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-05 14:10 - 2016-01-26 10:44 - 00001136 _____ C:\Users\lucas\Desktop\nativelog.txt
2016-04-05 14:10 - 2016-01-06 19:29 - 00000000 ____D C:\Users\lucas\AppData\Roaming\.minecraft
2016-04-05 12:13 - 2015-10-31 16:59 - 00838508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-05 12:13 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-05 12:10 - 2016-02-28 21:13 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-05 12:10 - 2016-01-05 17:19 - 00000000 ____D C:\Users\Lucas Standard
2016-04-05 12:09 - 2016-01-04 23:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-05 12:09 - 2016-01-04 23:31 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-04 20:30 - 2016-01-04 23:32 - 00000000 ____D C:\Users\lucas
2016-04-04 20:30 - 2015-10-30 16:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-04 10:25 - 2016-01-20 09:10 - 00000000 ____D C:\Users\Lucas Standard\AppData\Local\CrashDumps
2016-04-04 10:24 - 2016-01-05 17:19 - 00000000 ____D C:\Users\Lucas Standard\AppData\Local\Packages
2016-04-03 16:23 - 2016-02-15 16:49 - 00000000 ____D C:\Users\Lucas Standard\AppData\Local\NPE
2016-04-03 16:18 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-03 16:16 - 2015-10-30 17:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-03 11:58 - 2016-01-07 14:44 - 00000000 ____D C:\Users\lucas\AppData\Local\CrashDumps
2016-04-03 11:44 - 2016-01-08 19:04 - 00000000 ____D C:\Users\lucas\AppData\Roaming\VMware
2016-04-03 11:44 - 2016-01-08 19:04 - 00000000 ____D C:\Users\lucas\AppData\Local\VMware
2016-04-02 13:17 - 2016-01-12 15:52 - 00000000 ____D C:\Users\Lucas Standard\.oracle_jre_usage
2016-04-01 20:44 - 2016-01-20 12:56 - 00000000 ____D C:\Users\Lucas Standard\AppData\Local\ElevatedDiagnostics
2016-03-29 11:40 - 2016-01-04 18:49 - 00000000 ____D C:\Users\lucas\AppData\Local\Packages
2016-03-27 20:59 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 13:07 - 2016-01-06 18:54 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-24 13:07 - 2016-01-06 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-24 13:07 - 2016-01-06 18:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-20 16:10 - 2016-01-08 19:01 - 00000000 ____D C:\ProgramData\VMware
2016-03-20 13:46 - 2016-01-06 18:46 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-17 14:29 - 2015-10-31 17:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-17 14:28 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-16 17:06 - 2016-01-06 19:23 - 00002555 _____ C:\Users\Public\Desktop\Norton Security with Backup.LNK
2016-03-16 17:06 - 2016-01-06 19:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-03-16 17:06 - 2016-01-06 19:23 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-03-12 21:43 - 2015-10-31 16:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-12 10:00 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 09:59 - 2016-02-16 18:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-10 21:50 - 2016-01-04 23:29 - 00332240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 21:49 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 14:09 - 2016-01-06 18:54 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-01-06 18:54 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-01-06 18:54 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-10 11:49 - 2016-01-04 19:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 11:48 - 2016-01-04 19:36 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 17:12 - 2015-10-30 17:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 17:12 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-02-21 16:46 - 2016-02-22 14:13 - 0007606 _____ () C:\Users\Lucas Standard\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-05 16:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lucas Standard (2016-04-05 19:26:29)
Running from C:\Users\lucas\Downloads
Windows 10 Pro Version 1511 (X64) (2016-01-04 13:38:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3501963414-2174363898-4230124818-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3501963414-2174363898-4230124818-503 - Limited - Disabled)
Guest (S-1-5-21-3501963414-2174363898-4230124818-501 - Limited - Disabled)
lucas (S-1-5-21-3501963414-2174363898-4230124818-1001 - Limited - Enabled) => C:\Users\lucas
Lucas Standard (S-1-5-21-3501963414-2174363898-4230124818-1002 - Administrator - Enabled) => C:\Users\Lucas Standard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security with Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security with Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security with Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Autodesk SketchBook (HKLM\...\{B50180B6-7676-4A54-9527-9C4FE2E5011A}) (Version: 8.00.0000 - Autodesk)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4364 - Intel Corporation)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Norton Security with Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7424 - Realtek Semiconductor Corp.)
VMware Workstation (HKLM\...\{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3501963414-2174363898-4230124818-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lucas Standard\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24C504C1-E2B0-41BB-AFC7-73B71DCAB53A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-28] (Microsoft Corporation)
Task: {30C4484B-C57F-449B-88CE-DB3CD893C4BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-02-28] (Microsoft Corporation)
Task: {8D5005A3-F0D5-4E15-A91D-5008FC2E0C17} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security with Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {99AAFF57-3B69-40EE-AA66-4146E8D18BDE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {9D2A81B8-FC7F-4F83-80F9-B25DD80C63EC} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {A7132530-847B-4528-8BD6-367D208F75FD} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {C63F1F65-0A77-49F6-B844-2A07C1B58A89} - System32\Tasks\Norton Security with Backup\Norton Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {C8379291-2423-4F88-9890-9FAD4414CD7A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {D03B2F25-22F7-4308-9A1A-89B61CD112C7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {DD7C9455-DE79-44D1-B713-47035D560257} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-02-28] (Microsoft Corporation)
Task: {F6E5BC9A-5B63-49C1-BEE2-E228E016DF40} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-02-17 11:20 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-02 20:35 - 2016-02-23 21:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-02 20:35 - 2016-02-23 21:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-05 13:13 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 20:35 - 2016-02-23 18:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 09:56 - 2016-01-05 11:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 09:56 - 2016-01-05 11:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 18:58 - 2016-01-16 15:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 18:58 - 2016-01-16 15:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 21:04 - 2015-07-10 21:02 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3501963414-2174363898-4230124818-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3501963414-2174363898-4230124818-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3501963414-2174363898-4230124818-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BE651E8D-AAF0-4796-9410-449D68C043C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4DDD485-949F-436B-B02A-650A738C47D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4934ED36-6598-4680-8B2B-E988B980DC6B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8C1C8EA-9B45-44D5-9438-0E006D6D73CF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{772C918A-FF10-4DB6-A0A6-293F5FC60373}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A54CCF97-CEB2-4003-A0FC-35F11E2B99ED}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{AEAAA947-B2C8-4A95-A279-842F1038B215}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{52E43FC6-1604-4B87-8F83-8291E69675B6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{AEE2B46C-BE91-4E7F-9E12-FA1271A130B4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

20-03-2016 13:41:39 Removed Google Chrome
23-03-2016 22:45:02 Windows Update
30-03-2016 17:37:15 Windows Update
02-04-2016 13:19:00 Removed Java 8 Update 77

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2016 07:20:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/05/2016 06:34:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/04/2016 06:34:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/04/2016 12:46:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (04/04/2016 12:44:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/04/2016 10:25:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000602
Fault offset: 0x000000000018d8cb
Faulting process id: 0x12cc
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/03/2016 06:34:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/03/2016 04:34:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NSBU.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc000041d
Fault offset: 0x000ba323
Faulting process id: 0x1600
Faulting application start time: 0xNSBU.exe0
Faulting application path: NSBU.exe1
Faulting module path: NSBU.exe2
Report Id: NSBU.exe3
Faulting package full name: NSBU.exe4
Faulting package-relative application ID: NSBU.exe5

Error: (04/03/2016 04:34:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NSBU.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc0000005
Fault offset: 0x000ba323
Faulting process id: 0x1600
Faulting application start time: 0xNSBU.exe0
Faulting application path: NSBU.exe1
Faulting module path: NSBU.exe2
Report Id: NSBU.exe3
Faulting package full name: NSBU.exe4
Faulting package-relative application ID: NSBU.exe5

Error: (04/03/2016 04:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NSBU.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc0000005
Fault offset: 0x000ba323
Faulting process id: 0xde0
Faulting application start time: 0xNSBU.exe0
Faulting application path: NSBU.exe1
Faulting module path: NSBU.exe2
Report Id: NSBU.exe3
Faulting package full name: NSBU.exe4
Faulting package-relative application ID: NSBU.exe5


System errors:
=============
Error: (04/05/2016 06:52:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_60e80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/05/2016 06:52:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_60e80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/05/2016 06:52:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_60e80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/05/2016 06:52:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_60e80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/05/2016 06:52:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/05/2016 03:28:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/05/2016 02:40:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/04/2016 08:30:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (04/04/2016 08:30:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (04/04/2016 08:30:05 PM) (Source: DCOM) (EventID: 10010) (User: LUCAS-SURFACE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


CodeIntegrity:
===================================
  Date: 2016-03-30 16:35:01.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 22:45:25.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 14:43:10.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-16 18:34:16.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-16 18:09:07.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 15:26:32.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 09:59:43.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 21:06:50.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-10 21:50:52.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 20:41:02.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8115.96 MB
Available physical RAM: 5545.54 MB
Total Virtual: 9395.96 MB
Available Virtual: 6956.53 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:165.57 GB) (Free:122.45 GB) NTFS
Drive d: (My Files) (Fixed) (Total:30 GB) (Free:28.86 GB) NTFS
Drive v: (VM) (Fixed) (Total:40 GB) (Free:19.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 671D6473)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks for those logs and the extra information... Run the following online AV scan:

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.

Click Run ESET Online Scanner there.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double click esetsmartinstaller_enu.exe.
  • Accept the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Anti-Stealth technology” select “Change” and tick any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Let me see that log...

Thank you,

Kevin.....


I do not believe the files you listed previously are malicious or infected; the ESET online AV scan would certainly have looked at each one of them and flagged them as malicious/infected if warranted....

Run one more scan:

Download Dr Web CureIt from here: http://www.freedrweb.com/cureit and save it to your desktop (scroll to the bottom of the page).
 
  • The file will be randomly named
  • Reboot to safe mode: http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

  • Press start scan
  • The scan will now commence

  • Once the scan has finished click open report <<<--- Do not miss this step

  • A Notepad window will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive; please attach it to your next reply…

Thank you, Kevin..
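One check a reader can run before accepting the "false positive" conclusion, as an added example that is not part of the thread or of any tool mentioned in it: a file-infecting virus that patched a signed binary would invalidate its Authenticode signature, so verifying the signatures and recording the SHA256 hashes of the flagged files separates "the vendor shipped exactly these bytes" from "these bytes were modified on disk". The system DLL paths below are the standard ones; the Malwarebytes and Process Explorer paths are assumptions (the log does not give them), and the SHA256 for SurfaceStorageFwUpdate.sys is the one in the VirusTotal link posted in the thread, so the script can also tell whether the file on disk is the same file VirusTotal analysed.

```powershell
# Added example, not from the thread. Checks Authenticode signatures (embedded or catalog)
# and SHA256 hashes for files that VirusTotal flagged, and classifies each result.
function Test-FlaggedFile {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        # Optional map of path -> SHA256 that VirusTotal reported, to confirm the same bytes were analysed
        [hashtable]$KnownHash = @{}
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; SignatureStatus = 'N/A'; SignatureType = 'N/A'
                               Signer = $null; SHA256 = $null; MatchesVirusTotal = $null
                               Verdict = 'file not found at this path' }
            continue
        }
        # Get-AuthenticodeSignature also consults the Windows security catalogs, which is how
        # kernel32.dll and most inbox DLLs are signed (SignatureType = Catalog).
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # A file infector that appended or patched code leaves the old signature in place but the
        # hash no longer matches it, so HashMismatch is the result to worry about.
        $verdict = switch ($sig.Status) {
            'Valid'        { 'signed and intact: consistent with an AV false positive' }
            'HashMismatch' { 'signature present but bytes modified: treat as infected' }
            'NotSigned'    { 'unsigned: compare the hash with a clean copy from the vendor' }
            default        { "check manually (status: $($sig.Status))" }
        }

        $matches = $null
        if ($KnownHash.ContainsKey($p)) {
            # -eq is case-insensitive in PowerShell, so VirusTotal's lowercase hex compares fine
            $matches = ($hash -eq $KnownHash[$p])
        }

        [pscustomobject]@{ Path = $p; SignatureStatus = $sig.Status; SignatureType = $sig.SignatureType
                           Signer = $signer; SHA256 = $hash; MatchesVirusTotal = $matches
                           Verdict = $verdict }
    }
}

# Files named in the thread. Tool install paths are assumptions; adjust to the real locations.
$surfaceDriver = "$env:SystemRoot\System32\drivers\SurfaceStorageFwUpdate.sys"
$flagged = @(
    "$env:SystemRoot\System32\kernel32.dll",
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\System32\msvcrt.dll",   # the post says "Msvcrt.exe"; the real module is msvcrt.dll
    $surfaceDriver,
    "$env:ProgramFiles\Malwarebytes Anti-Exploit\mbae.exe",                 # assumed path
    "${env:ProgramFiles(x86)}\Malwarebytes Anti-Malware\mbamservice.exe",  # assumed path
    "$env:USERPROFILE\Downloads\procexp.exe"                               # assumed path
)

# SHA256 from the VirusTotal link in the thread for SurfaceStorageFwUpdate.sys
$known = @{ $surfaceDriver = 'b2f4c25ae663794ac9f012a2632ee170819b8fe5e6ecf1e4a0a8350fcb0d770c' }

$results = Test-FlaggedFile -Path $flagged -KnownHash $known
$results | Format-Table Path, SignatureStatus, SignatureType, MatchesVirusTotal, Verdict -AutoSize

# Keep the evidence next to the VirusTotal reports
$results | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\flagged-files.csv"
```

For the inbox DLLs, `sfc /verifyonly` run from an elevated prompt is the complementary check: it compares protected system files against the component store and reports any that differ, independently of what any AV engine says. A `HashMismatch` on a vendor-signed binary is the one result that should stop the "false positive" conclusion; `Valid` for every file, together with clean ESET and Dr.Web scans, is what the thread's outcome rests on.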

All the files are pretty much false positives. I shouldn't take these seriously and should wait a couple of days for those companies to clean up their errors... I'm just someone who worries too much when numbers turn red :P

Anyway, my other concern, which I would guess is possibly a false positive, but it's been a while and the detection hasn't changed: SurfaceStorageFwUpdate.sys
https://www.virustotal.com/en/file/b2f4c25ae663794ac9f012a2632ee170819b8fe5e6ecf1e4a0a8350fcb0d770c/analysis/

Should I contact the company to report false positives?

Would you recommend me to keep the tools and use them as secondary scanners or remove them?

Thanks for the help :)


Yes, that would seem to be another FP. Regarding the tools, it is better to clean up and remove them...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts on Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point reflecting the system's present status will be created.
  • Reset system settings


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.