Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with PClock


  • This topic is locked This topic is locked
5 replies to this topic

#1 WernSwan

WernSwan

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 AM

Posted 22 January 2015 - 01:32 PM

Been infected with v2 of PClock.  Used decryption tool on PClock thread and seem to have removed malware.  Not sure if anything remains.
 
Regards
WernSwan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Werner (administrator) on STUDY on 22-01-2015 20:20:58
Running from C:\Users\Werner\Downloads
Loaded Profiles: Werner (Available profiles: Werner)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\BrytonBridge2\BBService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\BrytonBridge2\BBDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Macrovision) C:\Program Files (x86)\MonitorSoftware\monitor.exe
(Oracle Corporation) C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe
(VIVOTEK) C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSWebServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSConfigurationServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSStreamingServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSRecordingServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSQueryServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSEventServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSBackupServer.exe
(Macrovision) C:\Program Files (x86)\MonitorSoftware\wpRMI.exe
(Oracle Corporation) C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Macrovision) C:\Program Files (x86)\MonitorSoftware\UPSMS.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe
(Oracle Corporation) C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [UPSMS] => C:\Program Files (x86)\MonitorSoftware\UPSMS.exe [114688 2013-01-20] (Macrovision)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [VMS Service Control] => C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe [2509824 2012-11-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-16] (Tonec Inc.)
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\Run: [Efction] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Werner\AppData\Local\Eldrtion\CoreText.dll
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\MountPoints2: {43d456c9-307f-11e4-bede-00e04c692188} - "E:\dvdcheck.exe"
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\MountPoints2: {9fb3e122-d2e6-11e3-becd-00e04c692188} - "E:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\MountPoints2: {9fb3e457-d2e6-11e3-becd-00e04c692188} - "E:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\MountPoints2: {a7047f7b-a0f9-11e3-bec3-00e04c692188} - "E:\AutoRun.exe"
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\MountPoints2: {c6ef3a1d-d80f-11e3-bed0-00e04c692188} - "E:\setup_vmb_lite.exe" /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BrytonBridge2.lnk
ShortcutTarget: BrytonBridge2.lnk -> C:\Program Files (x86)\BrytonBridge2\BrytonBridge2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4130170648-3986349948-401041113-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKU\S-1-5-21-4130170648-3986349948-401041113-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4130170648-3986349948-401041113-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=359
SearchScopes: HKU\S-1-5-21-4130170648-3986349948-401041113-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=359
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {64865E5A-E8D7-44C1-89E1-99A84F6E56D0} http://192.168.1.206/VVTK_Plugin_Installer.exe
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{57F421B3-6F37-4688-B37F-1A16656CAED8}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F5E40C66-BCE2-4F36-B0D7-175D3FBD6625}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: WinLessPlugin -> C:\Program Files (x86)\Camera Stream Controller\npWinLessRtspCtrl.dll ()
FF HKU\S-1-5-21-4130170648-3986349948-401041113-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Werner\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Werner\AppData\Roaming\IDM\idmmzcc5 [2015-01-03]

Chrome:
=======
CHR Profile: C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CoMapMIMEToCLSID Class) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-01-04]
CHR Extension: (Google Docs) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google Search) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Gmail) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 BBService; C:\Program Files (x86)\BrytonBridge2\BBService.exe [68096 2013-11-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 ST7501 Uranus Watch Dog; C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe [280304 2012-11-06] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPSmonitor; C:\Program Files (x86)\MonitorSoftware\monitor.exe [114688 2013-01-20] (Macrovision) [File not signed]
R3 UPSRMI; C:\Program Files (x86)\MonitorSoftware\wpRMI.exe [114688 2013-01-20] (Macrovision) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2014-01-02] (http://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
S3 RemoteControl-USBLAN; C:\Windows\system32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-01-22] (WinISO.com)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 20:20 - 2015-01-22 20:21 - 00021055 _____ () C:\Users\Werner\Downloads\FRST.txt
2015-01-22 20:20 - 2015-01-22 20:21 - 00000000 ____D () C:\FRST
2015-01-22 20:19 - 2015-01-22 20:19 - 02126848 _____ (Farbar) C:\Users\Werner\Downloads\FRST64.exe
2015-01-16 20:59 - 2015-01-16 20:59 - 01054520 _____ (Emsisoft Ltd) C:\Users\Werner\Desktop\decrypt_pclock2 (2).exe
2015-01-13 22:01 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 22:01 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 22:01 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 22:01 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 22:01 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 22:01 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 22:01 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 22:01 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 22:01 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 22:01 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 22:01 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 22:01 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 22:01 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 22:01 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 22:01 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 22:01 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 22:01 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 22:01 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 22:01 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 22:01 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 22:01 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 22:01 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 22:01 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 22:01 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 22:01 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 09:35 - 2015-01-11 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2015-01-11 09:35 - 2015-01-11 09:35 - 00000000 ____D () C:\Program Files\Bulk Rename Utility
2015-01-11 09:34 - 2015-01-11 09:34 - 01095792 _____ (TGRMN Software ) C:\Users\Werner\Downloads\BRU_Setup_WinNTx64.exe
2015-01-10 22:44 - 2015-01-10 22:44 - 00965416 _____ (Emsisoft Ltd) C:\Users\Werner\Desktop\decrypt_pclock2 (1).exe
2015-01-10 14:30 - 2015-01-10 14:30 - 03848979 _____ () C:\Users\Werner\enc_files_backup.txt
2015-01-10 10:00 - 2015-01-10 10:00 - 43994359 _____ () C:\Users\Werner\Downloads\us_ba_Deloitte Analytics HIVE_Supply Chain_01092013.wmv
2015-01-10 10:00 - 2015-01-10 10:00 - 142398671 _____ () C:\Users\Werner\Downloads\win64_153322.zip
2015-01-10 10:00 - 2015-01-10 10:00 - 05743676 _____ () C:\Users\Werner\Downloads\Transnet Response GSM13070811 - 08Oct2013 - Circulation Draft One.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 05719784 _____ () C:\Users\Werner\Downloads\Transnet Response GSM13070811 20131007 V3 AS.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 05718373 _____ () C:\Users\Werner\Downloads\Transnet Response GSM13070811 20131006.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 03972129 _____ () C:\Users\Werner\Downloads\TL-MR3420_V2_140319.zip
2015-01-10 10:00 - 2015-01-10 10:00 - 03709577 _____ () C:\Users\Werner\Downloads\TL-MR3420_V2_121206.zip
2015-01-10 10:00 - 2015-01-10 10:00 - 01100955 _____ () C:\Users\Werner\Downloads\Wip Management Pack - 10 December 2013.xlsx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 01100955 _____ () C:\Users\Werner\Downloads\Wip Management Pack - 10 December 2013.xlsx
2015-01-10 10:00 - 2015-01-10 10:00 - 00531310 _____ () C:\Users\Werner\Downloads\usbasp.2011-05-28.tar.gz
2015-01-10 10:00 - 2015-01-10 10:00 - 00244412 _____ () C:\Users\Werner\Downloads\Telkom Mobile Phase 1b v3.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00234601 _____ () C:\Users\Werner\Downloads\Working Capital - 28 10 2014.xlsx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00234601 _____ () C:\Users\Werner\Downloads\Working Capital - 28 10 2014.xlsx
2015-01-10 10:00 - 2015-01-10 10:00 - 00129738 _____ () C:\Users\Werner\Downloads\ubnt-discovery-v2.3.zip
2015-01-10 10:00 - 2015-01-10 10:00 - 00121364 _____ () C:\Users\Werner\Downloads\UNTITLED.pptx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00121364 _____ () C:\Users\Werner\Downloads\UNTITLED.pptx
2015-01-10 10:00 - 2015-01-10 10:00 - 00086172 _____ () C:\Users\Werner\Downloads\ZA_DM _Data Migration Strategy Template_CRMv0.1.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00086172 _____ () C:\Users\Werner\Downloads\ZA_DM _Data Migration Strategy Template_CRMv0.1 (1).docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00055726 _____ () C:\Users\Werner\Downloads\Yolanda Komen 2013.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00041546 _____ () C:\Users\Werner\Downloads\TPA Questionnaire.xlsx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00041546 _____ () C:\Users\Werner\Downloads\TPA Questionnaire.xlsx
2015-01-10 10:00 - 2015-01-10 10:00 - 00036801 _____ () C:\Users\Werner\Downloads\Werner Swanepoel E-Ticket.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00035496 _____ () C:\Users\Werner\Downloads\Transaction_Master_Data_List plus modules .xlsx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00035496 _____ () C:\Users\Werner\Downloads\Transaction_Master_Data_List plus modules .xlsx
2015-01-10 10:00 - 2015-01-10 10:00 - 00031006 _____ () C:\Users\Werner\Downloads\Workpackage desciptions - Data Management 20120831v1.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00024206 _____ () C:\Users\Werner\Downloads\Terms of reference database transition 040913 Final.docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00024206 _____ () C:\Users\Werner\Downloads\Terms of reference database transition 040913 Final (1).docx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00011176 _____ () C:\Users\Werner\Downloads\van Wyk%2c R.xlsx.decbak
2015-01-10 10:00 - 2015-01-10 10:00 - 00011176 _____ () C:\Users\Werner\Downloads\van Wyk%2c R.xlsx
2015-01-10 10:00 - 2015-01-06 01:25 - 43994359 _____ () C:\Users\Werner\Downloads\us_ba_Deloitte Analytics HIVE_Supply Chain_01092013.wmv.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 142398671 _____ () C:\Users\Werner\Downloads\win64_153322.zip.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 09309380 _____ () C:\Users\Werner\Downloads\Tegan and Sara feat. The Lonely Island-Everything Is Awesome (The Lego Movie OST) [myfreemp3.eu].mp3.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 07129600 _____ () C:\Users\Werner\Downloads\Transnet Response GSM13070811 Final.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 03972129 _____ () C:\Users\Werner\Downloads\TL-MR3420_V2_140319.zip.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 03709577 _____ () C:\Users\Werner\Downloads\TL-MR3420_V2_121206.zip.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 02616005 _____ () C:\Users\Werner\Downloads\The Lonely Island - Everything is Awesome (OST Lego movie) [myfreemp3.eu].mp3.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 02126336 _____ () C:\Users\Werner\Downloads\ZA_DM_FI _Data Migration Strategy Templatev0.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 02003874 _____ () C:\Users\Werner\Downloads\usb-props.rtf.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00624640 _____ () C:\Users\Werner\Downloads\ZA_DM _Data Migration Strategy_V0 4.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00531310 _____ () C:\Users\Werner\Downloads\usbasp.2011-05-28.tar.gz.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00387584 _____ () C:\Users\Werner\Downloads\ZA_DM _Data Migration Strategy_V0.2.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00322048 _____ () C:\Users\Werner\Downloads\ZA_DM _Data Migration Strategy SD 20141202 %282%29.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00186880 _____ () C:\Users\Werner\Downloads\ZA_DM _CO_ Data Migration Strategy_V5.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00181248 _____ () C:\Users\Werner\Downloads\ZA_DM_PS_Data Migration Strategy_V3.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00179200 _____ () C:\Users\Werner\Downloads\ZA_DM _Data Migration Strategy MM 0.2.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00165888 _____ () C:\Users\Werner\Downloads\ZA_DM_PP_Data Migration Strategy_V3.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00154153 _____ () C:\Users\Werner\Downloads\Werner_Swanepoel_Schengen_Australia_Visa_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00148480 _____ () C:\Users\Werner\Downloads\ZAABB_Data Migration Strategy_Master data V0 1.1.doc.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00148004 _____ () C:\Users\Werner\Downloads\Wian_Swanepoel_Passport_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00137383 _____ () C:\Users\Werner\Downloads\Werner_Passport_Last_Page_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00136868 _____ () C:\Users\Werner\Downloads\Wian_Swanepoel_Australia_Visa_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00129738 _____ () C:\Users\Werner\Downloads\ubnt-discovery-v2.3.zip.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00123108 _____ () C:\Users\Werner\Downloads\Werner_Swanepoel_Passport_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00065190 _____ () C:\Users\Werner\Downloads\Wian_Swanepoel_Passport_Edited (1).jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00058404 _____ () C:\Users\Werner\Downloads\Wian_Swanepoel_Australia_Visa_Edited (1).jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00035042 _____ () C:\Users\Werner\Downloads\W_Swanepoel_SA_Passport_and_ID_Photo.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00034682 _____ () C:\Users\Werner\Downloads\W_Swanepoel_Passport_Photo_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00033865 _____ () C:\Users\Werner\Downloads\Wian_Photo_Edited.jpg.decbak
2015-01-10 10:00 - 2015-01-06 01:25 - 00024112 _____ () C:\Users\Werner\Downloads\Wian_Photo_Edited (1).jpg.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 93287234 _____ () C:\Users\Werner\Downloads\Setup-10.3.405.45220_RC1-full.compressed.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 38676113 _____ () C:\Users\Werner\Downloads\DOMBEYA F.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 19725456 _____ () C:\Users\Werner\Downloads\Entertainment-System-User-manual.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 140879751 _____ () C:\Users\Werner\Downloads\Miley Cyrus - We Can't Stop [Music Video] 1080p [Sbyky].mp4
2015-01-10 09:59 - 2015-01-10 09:59 - 13381736 _____ () C:\Users\Werner\Downloads\Comfigurator3.7.8.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 07705880 _____ () C:\Users\Werner\Downloads\Deloitte SAP HANA Capabilities_Forrester_v4.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 07278749 _____ () C:\Users\Werner\Downloads\kkmulticopterflashtool_0.76beta1.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 04533149 _____ () C:\Users\Werner\Downloads\HANA Solutions - Reviewed.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 04533149 _____ () C:\Users\Werner\Downloads\HANA Solutions - Reviewed.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 04408031 _____ () C:\Users\Werner\Downloads\Deloitte BI & Analytics 4Ops2.0 proposal - v9.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 04408031 _____ () C:\Users\Werner\Downloads\Deloitte BI & Analytics 4Ops2.0 proposal - v9.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 03705536 _____ () C:\Users\Werner\Downloads\Lugfoto.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 03609835 _____ () C:\Users\Werner\Downloads\DM WIP report 20140407.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 03609835 _____ () C:\Users\Werner\Downloads\DM WIP report 20140407.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 03420272 _____ () C:\Users\Werner\Downloads\BOSCHHOEK - INFORMATION PACK.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 03380069 _____ () C:\Users\Werner\Downloads\Layered Scalable Architecture.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 03348814 _____ () C:\Users\Werner\Downloads\Sasol EIM Strategy Response RN v1.2.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 03324387 _____ () C:\Users\Werner\Downloads\Sasol new SAP programme - BI Reporting - High level Approach - Draft V1 1.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 03324387 _____ () C:\Users\Werner\Downloads\Sasol new SAP programme - BI Reporting - High level Approach - Draft V1 1.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 03088737 _____ () C:\Users\Werner\Downloads\BCBS framework v0.2.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 03088737 _____ () C:\Users\Werner\Downloads\BCBS framework v0.2.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 02911398 _____ () C:\Users\Werner\Downloads\printable.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 02383339 _____ () C:\Users\Werner\Downloads\BOSCHHOEK__erf_40_%28Dombeya_Krantz_A%29_.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 02314529 _____ () C:\Users\Werner\Downloads\Master Data Management.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 02314529 _____ () C:\Users\Werner\Downloads\Master Data Management.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 02197721 _____ () C:\Users\Werner\Downloads\Kagiso Media Data Transformation v2.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 02197721 _____ () C:\Users\Werner\Downloads\Kagiso Media Data Transformation v2.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 02172804 _____ () C:\Users\Werner\Downloads\Nampak Proposal v10.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 02172804 _____ () C:\Users\Werner\Downloads\Nampak Proposal v10.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 01919517 _____ () C:\Users\Werner\Downloads\2014_06_27Team Meeting Weekly Status Reportv3.pptx.zip.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01919517 _____ () C:\Users\Werner\Downloads\2014_06_27Team Meeting Weekly Status Reportv3.pptx.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 01561538 _____ () C:\Users\Werner\Downloads\Deloitte - Standard Bank Data virtualisation.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01561538 _____ () C:\Users\Werner\Downloads\Deloitte - Standard Bank Data virtualisation.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 01493812 _____ () C:\Users\Werner\Downloads\SASOL RFQ v1.3.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01493812 _____ () C:\Users\Werner\Downloads\SASOL RFQ v1.3.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 01436267 _____ () C:\Users\Werner\Downloads\Eskom Master Data Quality Proactive Assurance Audit.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01436267 _____ () C:\Users\Werner\Downloads\Eskom Master Data Quality Proactive Assurance Audit.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 01390597 _____ () C:\Users\Werner\Downloads\Rajat Saigal - LADC Portfolio of Evidence after WG Final Draft.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01305787 _____ () C:\Users\Werner\Downloads\BI Instance Strategy day x slide.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01305787 _____ () C:\Users\Werner\Downloads\BI Instance Strategy day x slide.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 01273898 _____ () C:\Users\Werner\Downloads\DA Belgium Feedback to SA 2013.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01273898 _____ () C:\Users\Werner\Downloads\DA Belgium Feedback to SA 2013.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 01157470 _____ () C:\Users\Werner\Downloads\B. CPF Findings and Recommendations for Premlin 04 10 2013.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01157470 _____ () C:\Users\Werner\Downloads\B. CPF Findings and Recommendations for Premlin 04 10 2013.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 01147622 _____ () C:\Users\Werner\Downloads\SAPO.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 01053184 _____ () C:\Users\Werner\Downloads\DA_IncreaseBonusSchedule YE 2014_ version 7.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01053184 _____ () C:\Users\Werner\Downloads\DA_IncreaseBonusSchedule YE 2014_ version 7.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 01037546 _____ () C:\Users\Werner\Downloads\Sasol Phoenix BI Strategy v0 3 FB.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01032020 _____ () C:\Users\Werner\Downloads\Sasol Phoenix BI Strategy v0 3 %282%29.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01022278 _____ () C:\Users\Werner\Downloads\SASOL EIM RFW - EVD Overview.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01011618 _____ () C:\Users\Werner\Downloads\SASOL OIL - BI Roadmap 20130410.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 01011618 _____ () C:\Users\Werner\Downloads\SASOL OIL - BI Roadmap 20130410.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00944125 _____ () C:\Users\Werner\Downloads\201305 AngloGold Ashanti EXCO DCE session v2.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00944125 _____ () C:\Users\Werner\Downloads\201305 AngloGold Ashanti EXCO DCE session v2.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00891271 _____ () C:\Users\Werner\Downloads\50_Portrait_Ideas_Posing_Guide_NEW.jpg.zip.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00891271 _____ () C:\Users\Werner\Downloads\50_Portrait_Ideas_Posing_Guide_NEW.jpg.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 00863541 _____ () C:\Users\Werner\Downloads\SASOL RFQ v1.2.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00863541 _____ () C:\Users\Werner\Downloads\SASOL RFQ v1.2.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00830122 _____ () C:\Users\Werner\Downloads\Review of Student System Data Integrity 10052013 v1.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00830122 _____ () C:\Users\Werner\Downloads\Review of Student System Data Integrity 10052013 v1.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00803471 _____ () C:\Users\Werner\Downloads\Siemens Energy Offer.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00803471 _____ () C:\Users\Werner\Downloads\Siemens Energy Offer.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00768473 _____ () C:\Users\Werner\Downloads\HPACM8.dwg
2015-01-10 09:59 - 2015-01-10 09:59 - 00756786 _____ () C:\Users\Werner\Downloads\Images v1.1.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00756786 _____ () C:\Users\Werner\Downloads\Images v1.1.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00739306 _____ () C:\Users\Werner\Downloads\Postbank-Specification V2 3.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00727040 _____ () C:\Users\Werner\Downloads\Nazeer Essop Public Sector Leads Activity Report From 1 Jan 2013 - 13 Feb 2014 and Other Proposals in Process.xls
2015-01-10 09:59 - 2015-01-10 09:59 - 00654033 _____ () C:\Users\Werner\Downloads\Sasol EIM RFQ Response Planning Kick-Off v1.2.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00654033 _____ () C:\Users\Werner\Downloads\Sasol EIM RFQ Response Planning Kick-Off v1.2.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00645632 _____ () C:\Users\Werner\Downloads\Nazeer Essop Public Sector Weekly Leads Report from 1 Jan 2013 - 5 Dec 2013.xls
2015-01-10 09:59 - 2015-01-10 09:59 - 00516629 _____ () C:\Users\Werner\Downloads\HANA use cases Illustrative Examples.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00516629 _____ () C:\Users\Werner\Downloads\HANA use cases Illustrative Examples.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00449109 _____ () C:\Users\Werner\Downloads\MTN timelines updated - 2010-10-18.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00449109 _____ () C:\Users\Werner\Downloads\MTN timelines updated - 2010-10-18.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00416743 _____ () C:\Users\Werner\Downloads\Postbank-Specification V2.0.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00416743 _____ () C:\Users\Werner\Downloads\Postbank-Specification V2.0 (1).docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00400384 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting KPI Matrix - V2.3.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00400384 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting KPI Matrix - V2.3.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00391418 _____ () C:\Users\Werner\Downloads\Standard Bank CIB CEP Proposal 20130729_v0.01.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00391418 _____ () C:\Users\Werner\Downloads\Standard Bank CIB CEP Proposal 20130729_v0.01.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00369650 _____ () C:\Users\Werner\Downloads\Sasol Phoenix BI Strategy Template v1.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00355506 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting Functional Design Specification Template v1.2.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00349515 _____ () C:\Users\Werner\Downloads\SASOL EIM RFQ - Our Understanding of your Requirements Version 1.00.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00343136 _____ () C:\Users\Werner\Downloads\Debtors Pack - 10 December 2013..xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00343136 _____ () C:\Users\Werner\Downloads\Debtors Pack - 10 December 2013..xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00338911 _____ () C:\Users\Werner\Downloads\OPEN SALES ORDERS.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00338911 _____ () C:\Users\Werner\Downloads\OPEN SALES ORDERS.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00335308 _____ () C:\Users\Werner\Downloads\Sasol proposal template KdP.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00320342 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting KPI Matrix Template - V2.3.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00320342 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting KPI Matrix Template - V2.3.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00319021 _____ () C:\Users\Werner\Downloads\Proposal_Finance_TCM_ScopeTheScope_Dec2013_V3.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00238393 _____ () C:\Users\Werner\Downloads\New Network template 2.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00235133 _____ () C:\Users\Werner\Downloads\DC Client Ac.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00235133 _____ () C:\Users\Werner\Downloads\DC Client Ac.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00232392 _____ () C:\Users\Werner\Downloads\Document1.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00232392 _____ () C:\Users\Werner\Downloads\Document1 (1).docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00226150 _____ () C:\Users\Werner\Downloads\EMEA DA BootCamp13_ASE_v1.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00226150 _____ () C:\Users\Werner\Downloads\EMEA DA BootCamp13_ASE_v1.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00213062 _____ () C:\Users\Werner\Downloads\icons (1).zip
2015-01-10 09:59 - 2015-01-10 09:59 - 00209069 _____ () C:\Users\Werner\Downloads\Book1.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00209069 _____ () C:\Users\Werner\Downloads\Book1.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00198881 _____ () C:\Users\Werner\Downloads\Missing timesheets 31 May 2014.xlsb.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00198881 _____ () C:\Users\Werner\Downloads\Missing timesheets 31 May 2014.xlsb
2015-01-10 09:59 - 2015-01-10 09:59 - 00193198 _____ () C:\Users\Werner\Downloads\RDA&R engagement letter v 1.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00155172 _____ () C:\Users\Werner\Downloads\Book2.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00155172 _____ () C:\Users\Werner\Downloads\Book2.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00149557 _____ () C:\Users\Werner\Downloads\Rene_Passport_Edited.jpeg
2015-01-10 09:59 - 2015-01-10 09:59 - 00149557 _____ () C:\Users\Werner\Downloads\Rene_Passport_Edited (1).jpeg
2015-01-10 09:59 - 2015-01-10 09:59 - 00149557 _____ () C:\Users\Werner\Downloads\Rene_Passport.jpeg
2015-01-10 09:59 - 2015-01-10 09:59 - 00142913 _____ () C:\Users\Werner\Downloads\Rene_Swanepoel_Australia_Visa_Edited.jpeg
2015-01-10 09:59 - 2015-01-10 09:59 - 00133718 _____ () C:\Users\Werner\Downloads\Berenice Williams - Updated Excel CV.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00133718 _____ () C:\Users\Werner\Downloads\Berenice Williams - Updated Excel CV.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00132832 _____ () C:\Users\Werner\Downloads\Engagement letter phase 2 - Data migration strategy and plan v2.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00127566 _____ () C:\Users\Werner\Downloads\System Outline.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00127566 _____ () C:\Users\Werner\Downloads\System Outline.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00124912 _____ () C:\Users\Werner\Downloads\Engagement letter 2kp 180814.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00122868 _____ () C:\Users\Werner\Downloads\AGA RA expo.pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00122868 _____ () C:\Users\Werner\Downloads\AGA RA expo.pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00122868 _____ () C:\Users\Werner\Downloads\AGA RA expo (1).pptx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00122868 _____ () C:\Users\Werner\Downloads\AGA RA expo (1).pptx
2015-01-10 09:59 - 2015-01-10 09:59 - 00120957 _____ () C:\Users\Werner\Downloads\Review transition arrangements - Engagement Letter final draft after WG.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00109862 _____ () C:\Users\Werner\Downloads\icons (2).zip
2015-01-10 09:59 - 2015-01-10 09:59 - 00102099 _____ () C:\Users\Werner\Downloads\Pricing text DTTL.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00100306 _____ () C:\Users\Werner\Downloads\IM in Public Sector v2 MV.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00088956 _____ () C:\Users\Werner\Downloads\Inform Alliance Partner Program rev 1L 04032014.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00088064 _____ () C:\Users\Werner\Downloads\Boschhoek Budget 2013-14.xls
2015-01-10 09:59 - 2015-01-10 09:59 - 00070656 _____ () C:\Users\Werner\Downloads\Copy of Copy of Reconcilliation - stand 229 - interest calculated on 900.xls
2015-01-10 09:59 - 2015-01-10 09:59 - 00061464 _____ () C:\Users\Werner\Downloads\Barclays Sprint123.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00061464 _____ () C:\Users\Werner\Downloads\Barclays Sprint123.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00055650 _____ () C:\Users\Werner\Downloads\INFORM Partner Program Agmt Standard only referal Infa 29.04.2014.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00050081 _____ () C:\Users\Werner\Downloads\RADA Leaders Meeting September 13 2.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00048348 _____ () C:\Users\Werner\Downloads\Standard Bank CIB Customer MI.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00048348 _____ () C:\Users\Werner\Downloads\Standard Bank CIB Customer MI.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00045744 _____ () C:\Users\Werner\Downloads\All competencies proficiency.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00045744 _____ () C:\Users\Werner\Downloads\All competencies proficiency.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00045224 _____ () C:\Users\Werner\Downloads\CV Percy Gumede January 2014.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00039862 _____ () C:\Users\Werner\Downloads\Rene_Photo.jpeg
2015-01-10 09:59 - 2015-01-10 09:59 - 00039194 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting KPI Tree Template v1.2.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00039194 _____ () C:\Users\Werner\Downloads\Sasol Phoenix Reporting KPI Tree Template v1.2.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00038001 _____ () C:\Users\Werner\Downloads\Anton Feb 2014.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00037341 _____ () C:\Users\Werner\Downloads\CIB Time.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00037341 _____ () C:\Users\Werner\Downloads\CIB Time.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00033132 _____ () C:\Users\Werner\Downloads\Boschhoek Mountain Estate May 2013.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 00028497 _____ () C:\Users\Werner\Downloads\Prioritised FSI Regulatory Landscape for South Africa.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00026673 _____ () C:\Users\Werner\Downloads\RA Management Review Meeting - DF Script - Devan Koen.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00024169 _____ () C:\Users\Werner\Downloads\Document1 (2).docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00023549 _____ () C:\Users\Werner\Downloads\Stellenbosch costing estimates.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00023549 _____ () C:\Users\Werner\Downloads\Stellenbosch costing estimates.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00023549 _____ () C:\Users\Werner\Downloads\Stellenbosch costing estimates (1).xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00023549 _____ () C:\Users\Werner\Downloads\Stellenbosch costing estimates (1).xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00022419 _____ () C:\Users\Werner\Downloads\PROACT Phase 1 & 2 List of Regulations and Acts.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00022419 _____ () C:\Users\Werner\Downloads\PROACT Phase 1 & 2 List of Regulations and Acts (1).docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00020425 _____ () C:\Users\Werner\Downloads\Phase 1 PROACT Regulations and Acts.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00019322 _____ () C:\Users\Werner\Downloads\Notes from MTN Interview Prep session.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00019322 _____ () C:\Users\Werner\Downloads\Notes from MTN Interview Prep session (2).docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00019322 _____ () C:\Users\Werner\Downloads\Notes from MTN Interview Prep session (1).docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00019134 _____ () C:\Users\Werner\Downloads\HANA research for HP study.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00018528 _____ () C:\Users\Werner\Downloads\CEP RA Pmts.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00018528 _____ () C:\Users\Werner\Downloads\CEP RA Pmts.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00017074 _____ () C:\Users\Werner\Downloads\Sasol WHY HOW WHAT.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00017047 _____ () C:\Users\Werner\Downloads\AGA Contractor PO%27s DS.XLSX.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00017047 _____ () C:\Users\Werner\Downloads\AGA Contractor PO%27s DS.XLSX
2015-01-10 09:59 - 2015-01-10 09:59 - 00016847 _____ () C:\Users\Werner\Downloads\EIM work plan.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00016847 _____ () C:\Users\Werner\Downloads\EIM work plan.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00016514 _____ () C:\Users\Werner\Downloads\Recruitment Summary.docx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00013869 _____ () C:\Users\Werner\Downloads\Huis lening recon.htm.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00013869 _____ () C:\Users\Werner\Downloads\Huis lening recon.htm.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00013830 _____ () C:\Users\Werner\Downloads\Irene Glen Estate.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00013830 _____ () C:\Users\Werner\Downloads\Irene Glen Estate.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00013307 _____ () C:\Users\Werner\Downloads\Copy of CIM Signature Solution Tracker.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00013307 _____ () C:\Users\Werner\Downloads\Copy of CIM Signature Solution Tracker.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00013201 _____ () C:\Users\Werner\Downloads\Breakfast 5 November 2014 JHB Delegate List.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00013201 _____ () C:\Users\Werner\Downloads\Breakfast 5 November 2014 JHB Delegate List.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00012739 _____ () C:\Users\Werner\Downloads\AGA December 2013 Timesheets_Michelle Da Costa.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00012739 _____ () C:\Users\Werner\Downloads\AGA December 2013 Timesheets_Michelle Da Costa.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00012588 _____ () C:\Users\Werner\Downloads\Home-Loan-Account.xls
2015-01-10 09:59 - 2015-01-10 09:59 - 00012277 _____ () C:\Users\Werner\Downloads\Copy of SA vs NZ 04 October 2014 - Standard Bank.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00012277 _____ () C:\Users\Werner\Downloads\Copy of SA vs NZ 04 October 2014 - Standard Bank.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00011084 _____ () C:\Users\Werner\Downloads\fees.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00011084 _____ () C:\Users\Werner\Downloads\fees.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00011056 _____ () C:\Users\Werner\Downloads\Matobole%2c Karabo Tohlang.xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00011056 _____ () C:\Users\Werner\Downloads\Matobole%2c Karabo Tohlang.xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00011056 _____ () C:\Users\Werner\Downloads\Matobole%2c Karabo Tohlang (2).xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00011056 _____ () C:\Users\Werner\Downloads\Matobole%2c Karabo Tohlang (2).xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00011056 _____ () C:\Users\Werner\Downloads\Matobole%2c Karabo Tohlang (1).xlsx.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00011056 _____ () C:\Users\Werner\Downloads\Matobole%2c Karabo Tohlang (1).xlsx
2015-01-10 09:59 - 2015-01-10 09:59 - 00010520 _____ () C:\Users\Werner\Downloads\Home-Loan-Account (1).xls
2015-01-10 09:59 - 2015-01-10 09:59 - 00009103 _____ () C:\Users\Werner\Downloads\icons.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 00000390 _____ () C:\Users\Werner\Downloads\K3772.zip
2015-01-10 09:59 - 2015-01-10 09:59 - 00000000 _____ () C:\Users\Werner\Downloads\Irene Glen Estate (1).xlsx.crdownload.decbak
2015-01-10 09:59 - 2015-01-10 09:59 - 00000000 _____ () C:\Users\Werner\Downloads\Irene Glen Estate (1).xlsx.crdownload
2015-01-10 09:59 - 2015-01-06 01:25 - 93287234 _____ () C:\Users\Werner\Downloads\Setup-10.3.405.45220_RC1-full.compressed.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 140879751 _____ () C:\Users\Werner\Downloads\Miley Cyrus - We Can't Stop [Music Video] 1080p [Sbyky].mp4.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 02911398 _____ () C:\Users\Werner\Downloads\printable.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 02679808 _____ () C:\Users\Werner\Downloads\NBPL Credit policy review v16.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 02592256 _____ () C:\Users\Werner\Downloads\NBPL Credit policy review v11b.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 01147622 _____ () C:\Users\Werner\Downloads\SAPO.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00727040 _____ () C:\Users\Werner\Downloads\Nazeer Essop Public Sector Leads Activity Report From 1 Jan 2013 - 13 Feb 2014 and Other Proposals in Process.xls.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00654881 _____ () C:\Users\Werner\Downloads\photo (3).JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00654881 _____ () C:\Users\Werner\Downloads\photo (2).JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00645632 _____ () C:\Users\Werner\Downloads\Nazeer Essop Public Sector Weekly Leads Report from 1 Jan 2013 - 5 Dec 2013.xls.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00437760 _____ () C:\Users\Werner\Downloads\Service Level Agreement Final V2.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00210432 _____ () C:\Users\Werner\Downloads\Refferal letter 2013.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00149557 _____ () C:\Users\Werner\Downloads\Rene_Passport_Edited.jpeg.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00149557 _____ () C:\Users\Werner\Downloads\Rene_Passport_Edited (1).jpeg.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00149557 _____ () C:\Users\Werner\Downloads\Rene_Passport.jpeg.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00142913 _____ () C:\Users\Werner\Downloads\Rene_Swanepoel_Australia_Visa_Edited.jpeg.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00115919 _____ () C:\Users\Werner\Downloads\photo.JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00107520 _____ () C:\Users\Werner\Downloads\Provident Preservation Fund Recommendation Sheet.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00101509 _____ () C:\Users\Werner\Downloads\photo 2.JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00101509 _____ () C:\Users\Werner\Downloads\photo 2 (1).JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00098225 _____ () C:\Users\Werner\Downloads\photo (1).JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00081927 _____ () C:\Users\Werner\Downloads\photo 1.JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00081927 _____ () C:\Users\Werner\Downloads\photo 1 (2).JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00081927 _____ () C:\Users\Werner\Downloads\photo 1 (1).JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00043942 _____ () C:\Users\Werner\Downloads\Proof_of_residence_Edited.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00039862 _____ () C:\Users\Werner\Downloads\Rene_Photo.jpeg.decbak
2015-01-10 09:59 - 2015-01-06 01:25 - 00037637 _____ () C:\Users\Werner\Downloads\Rene_Photo_Edited.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 38676113 _____ () C:\Users\Werner\Downloads\DOMBEYA F.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 19725456 _____ () C:\Users\Werner\Downloads\Entertainment-System-User-manual.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 13381736 _____ () C:\Users\Werner\Downloads\Comfigurator3.7.8.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 07705880 _____ () C:\Users\Werner\Downloads\Deloitte SAP HANA Capabilities_Forrester_v4.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 07278749 _____ () C:\Users\Werner\Downloads\kkmulticopterflashtool_0.76beta1.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 03420272 _____ () C:\Users\Werner\Downloads\BOSCHHOEK - INFORMATION PACK.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 02383339 _____ () C:\Users\Werner\Downloads\BOSCHHOEK__erf_40_%28Dombeya_Krantz_A%29_.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00768473 _____ () C:\Users\Werner\Downloads\HPACM8.dwg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00623616 _____ () C:\Users\Werner\Downloads\Inverter-Specs-1-5kw4.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00249344 _____ () C:\Users\Werner\Downloads\Curriculum Vitae Khotso.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00213062 _____ () C:\Users\Werner\Downloads\icons (1).zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00196628 _____ () C:\Users\Werner\Downloads\IMG_0335.JPG.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00145920 _____ () C:\Users\Werner\Downloads\Business Intelligence baseline assessment and recomendation.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00123005 _____ () C:\Users\Werner\Downloads\BOSCHHOEK STAMP.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00117760 _____ () C:\Users\Werner\Downloads\Investec Provident Preservation Letter.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00109862 _____ () C:\Users\Werner\Downloads\icons (2).zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00103424 _____ () C:\Users\Werner\Downloads\FAIS General Code 28 Sept.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00100352 _____ () C:\Users\Werner\Downloads\brownbuilt_preambles.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00088064 _____ () C:\Users\Werner\Downloads\Boschhoek Budget 2013-14.xls.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00075264 _____ () C:\Users\Werner\Downloads\CAROLS ALPHABETICALLY.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00070656 _____ () C:\Users\Werner\Downloads\Copy of Copy of Reconcilliation - stand 229 - interest calculated on 900.xls.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00065641 _____ () C:\Users\Werner\Downloads\DataVisualisationCartoon.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00052239 ___SH () C:\Users\Werner\Downloads\Folder.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00035416 _____ () C:\Users\Werner\Downloads\concept 3D 02 homestead.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00035223 _____ () C:\Users\Werner\Downloads\concept 3D 02 pavilions.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00034918 _____ () C:\Users\Werner\Downloads\concept 3D 03 homestead.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00034816 _____ () C:\Users\Werner\Downloads\IGCEOA %281%29.doc.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00033132 _____ () C:\Users\Werner\Downloads\Boschhoek Mountain Estate May 2013.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00012588 _____ () C:\Users\Werner\Downloads\Home-Loan-Account.xls.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00010520 _____ () C:\Users\Werner\Downloads\Home-Loan-Account (1).xls.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00009348 ___SH () C:\Users\Werner\Downloads\AlbumArtSmall.jpg.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00009103 _____ () C:\Users\Werner\Downloads\icons.zip.decbak
2015-01-10 09:59 - 2015-01-06 01:24 - 00000390 _____ () C:\Users\Werner\Downloads\K3772.zip.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 02110636 _____ () C:\Users\Werner\Documents\Nampak Proposal v11.pptx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 02110636 _____ () C:\Users\Werner\Documents\Nampak Proposal v11.pptx
2015-01-10 09:48 - 2015-01-10 09:48 - 00675153 _____ () C:\Users\Werner\Documents\When the consumer is not king.docx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00376401 _____ () C:\Users\Werner\Documents\BMW Tyre claim pictures.docx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00225520 _____ () C:\Users\Werner\Documents\Nicole doop gebed.docx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00145488 _____ () C:\Users\Werner\Documents\UJ BI proposal.pptx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00145488 _____ () C:\Users\Werner\Documents\UJ BI proposal.pptx
2015-01-10 09:48 - 2015-01-10 09:48 - 00016300 _____ () C:\Users\Werner\Documents\Sasol WHY, HOW, WHAT.docx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00015428 _____ () C:\Users\Werner\Documents\Background.docx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00013957 _____ () C:\Users\Werner\Documents\Huislening recon.xlsx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00013957 _____ () C:\Users\Werner\Documents\Huislening recon.xlsx
2015-01-10 09:48 - 2015-01-10 09:48 - 00013729 _____ () C:\Users\Werner\Documents\DA KPCs.xlsx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00013729 _____ () C:\Users\Werner\Documents\DA KPCs.xlsx
2015-01-10 09:48 - 2015-01-10 09:48 - 00011431 _____ () C:\Users\Werner\Documents\UJ fees.xlsx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00011431 _____ () C:\Users\Werner\Documents\UJ fees.xlsx
2015-01-10 09:48 - 2015-01-10 09:48 - 00000165 ____H () C:\Users\Werner\Documents\~$Nampak Proposal v11.pptx.decbak
2015-01-10 09:48 - 2015-01-10 09:48 - 00000165 ____H () C:\Users\Werner\Documents\~$Nampak Proposal v11.pptx
2015-01-10 09:48 - 2015-01-06 01:18 - 02554268 _____ () C:\Users\Werner\Documents\IMG_5784.JPG.decbak
2015-01-10 09:48 - 2015-01-06 01:18 - 02553546 _____ () C:\Users\Werner\Documents\IMG_5783.JPG.decbak
2015-01-10 09:48 - 2015-01-06 01:18 - 00559764 _____ () C:\Users\Werner\Documents\wind_energy.JPG.decbak
2015-01-10 09:48 - 2015-01-06 01:18 - 00328873 _____ () C:\Users\Werner\Documents\ID Scan.jpg.decbak
2015-01-10 08:29 - 2015-01-10 08:29 - 00960272 _____ (Emsisoft Ltd) C:\Users\Werner\Desktop\decrypt_pclock2.exe
2015-01-09 18:10 - 2015-01-19 21:39 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-09 18:10 - 2015-01-09 18:10 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-09 18:10 - 2015-01-09 18:10 - 00001043 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-09 18:09 - 2015-01-09 18:09 - 08986784 _____ (TeamViewer GmbH) C:\Users\Werner\Downloads\TeamViewer_Setup.exe
2015-01-09 13:14 - 2015-01-09 13:14 - 00431616 _____ () C:\Users\Werner\Downloads\sectionsplate-2014-11-01-gauteng-rev-customer-copy.xls
2015-01-08 20:30 - 2015-01-08 20:30 - 06434816 _____ () C:\Users\Werner\Downloads\UPD03007.bin
2015-01-08 19:15 - 2015-01-08 19:15 - 04168090 _____ () C:\Users\Werner\Downloads\56b1dad3-895f-4b59-ade7-9e8d4d8a6e25
2015-01-08 12:21 - 2015-01-08 12:21 - 00000000 ____D () C:\WINDOWS\SysWOW64\C2MP
2015-01-08 11:10 - 2015-01-08 11:10 - 00380928 _____ (NathanScott Apps.) C:\Users\Werner\Desktop\CryptolockerVB6_Patcher.exe
2015-01-08 08:27 - 2015-01-08 08:27 - 00736224 _____ (Emsisoft Ltd) C:\Users\Werner\Desktop\decrypt_pclock.exe
2015-01-08 08:20 - 2015-01-08 08:20 - 00736224 _____ (Emsisoft Ltd) C:\Users\Werner\Downloads\decrypt_pclock (1).exe
2015-01-08 08:19 - 2015-01-08 08:20 - 00736224 _____ (Emsisoft Ltd) C:\Users\Werner\Downloads\decrypt_pclock.exe
2015-01-06 23:53 - 2015-01-08 08:03 - 00001144 _____ () C:\Users\Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2015-01-06 23:20 - 2015-01-06 23:20 - 00880784 _____ (Google Inc.) C:\Users\Werner\Downloads\ChromeSetup.exe
2015-01-06 22:53 - 2015-01-06 22:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-06 22:33 - 2015-01-08 08:22 - 00077312 _____ (Emsisoft GmbH) C:\WINDOWS\system32\eamclean.exe
2015-01-06 22:33 - 2015-01-08 08:22 - 00000126 _____ () C:\WINDOWS\system32\eamclean.dat
2015-01-06 22:07 - 2015-01-22 20:14 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-06 22:07 - 2015-01-06 22:07 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-06 22:07 - 2015-01-06 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-06 22:03 - 2015-01-06 22:07 - 171776888 _____ (Emsisoft Ltd. ) C:\Users\Werner\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-06 11:50 - 2015-01-06 11:51 - 00000000 ____D () C:\Users\Werner\Downloads\Photorec
2015-01-06 11:48 - 2015-01-06 11:49 - 00000000 ____D () C:\Users\Werner\Downloads\testdisk-6.14.win
2015-01-06 11:06 - 2015-01-06 11:07 - 03736125 _____ () C:\Users\Werner\Downloads\testdisk-6.14.win.zip
2015-01-06 11:04 - 2015-01-06 11:04 - 12283989 _____ () C:\Users\Werner\Downloads\testdisk-7.0-WIP.win.zip
2015-01-06 08:38 - 2015-01-06 08:38 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Werner\Downloads\ShadowExplorer-0.9-setup.exe
2015-01-06 08:38 - 2015-01-06 08:38 - 00000000 ____D () C:\Users\Werner\AppData\Roaming\www.shadowexplorer.com
2015-01-06 03:50 - 2015-01-06 03:50 - 00001034 _____ () C:\Users\Werner\Desktop\CryptoLocker.lnk
2015-01-06 00:46 - 2015-01-16 21:11 - 02206721 _____ () C:\Users\Werner\enc_files.txt
2015-01-06 00:33 - 2015-01-08 20:12 - 00000000 ____D () C:\Users\Werner\AppData\Roaming\WinCL
2015-01-04 22:18 - 2015-01-04 22:18 - 34608712 _____ (Media Player - Codec Pack) C:\Users\Werner\Downloads\media.player.codec.pack.v4.3.5.setup.exe
2015-01-04 22:09 - 2015-01-04 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-04 22:09 - 2015-01-04 22:09 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-01-04 21:57 - 2015-01-04 21:57 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-01-04 21:42 - 2015-01-18 12:32 - 00000000 ____D () C:\Users\Werner\AppData\Local\Eldrtion
2015-01-04 21:42 - 2015-01-06 22:54 - 00000000 ____D () C:\Users\Werner\AppData\Local\YkzPack
2015-01-04 21:09 - 2015-01-04 22:15 - 00000000 ____D () C:\Users\Werner\Downloads\The Secret Life of Walter Mitty 2013
2015-01-04 21:09 - 2015-01-04 21:09 - 00033109 _____ () C:\Users\Werner\Downloads\The Secret Life of Walter Mitty 2013.torrent
2015-01-03 18:02 - 2015-01-19 19:17 - 00000000 ____D () C:\Users\Werner\AppData\Roaming\DMCache
2015-01-03 18:02 - 2015-01-10 10:02 - 00000000 ____D () C:\Users\Werner\Downloads\Video
2015-01-03 18:02 - 2015-01-03 18:05 - 00000000 ____D () C:\Users\Werner\AppData\Roaming\IDM
2015-01-03 18:02 - 2015-01-03 18:02 - 00001021 _____ () C:\Users\Werner\Desktop\Internet Download Manager.lnk
2015-01-03 18:02 - 2015-01-03 18:02 - 00000000 ____D () C:\Users\Werner\Downloads\Compressed
2015-01-03 18:02 - 2015-01-03 18:02 - 00000000 ____D () C:\Users\Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-01-03 18:02 - 2015-01-03 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-01-03 18:02 - 2015-01-03 18:02 - 00000000 ____D () C:\ProgramData\IDM
2015-01-03 18:02 - 2015-01-03 18:02 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-01-03 18:01 - 2015-01-03 18:01 - 06354256 _____ (Tonec Inc.) C:\Users\Werner\Downloads\idman621build17.exe
2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 20:13 - 2013-01-07 21:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-22 19:36 - 2013-12-24 10:30 - 01766323 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-22 18:27 - 2012-12-30 08:53 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4130170648-3986349948-401041113-1001
2015-01-22 18:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-22 18:14 - 2013-11-14 14:43 - 00928970 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-22 18:11 - 2013-08-22 16:46 - 00317054 _____ () C:\WINDOWS\setupact.log
2015-01-22 14:31 - 2014-03-19 21:31 - 00004966 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for STUDY-Werner STUDY
2015-01-22 00:13 - 2013-01-07 21:06 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 22:09 - 2014-07-27 15:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 05:27 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-18 22:10 - 2013-12-24 10:41 - 00000000 ___DO () C:\Users\Werner\SkyDrive
2015-01-17 21:05 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-17 21:05 - 2013-08-22 16:44 - 00417104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-17 21:02 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-16 22:45 - 2012-12-30 08:45 - 00000000 ____D () C:\Users\Werner\AppData\Local\Packages
2015-01-16 21:18 - 2013-09-13 21:22 - 00000000 ____D () C:\Users\Werner\Documents\Boschhoek
2015-01-16 21:13 - 2014-12-07 21:35 - 00000000 ____D () C:\Users\Werner\Documents\ABB
2015-01-14 03:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 03:28 - 2013-07-17 03:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 03:22 - 2012-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 14:42 - 2014-09-14 19:42 - 00000000 ____D () C:\Users\Werner\Documents\Wian skool
2015-01-10 14:42 - 2013-08-04 20:31 - 00000000 ____D () C:\Users\Werner\Documents\Woodshop
2015-01-10 14:35 - 2013-05-19 21:06 - 01169920 ___SH () C:\Users\Werner\Downloads\Thumbs.db
2015-01-10 14:30 - 2013-12-24 10:11 - 00000000 ____D () C:\Users\Werner
2015-01-10 10:02 - 2013-05-20 23:02 - 00000000 ____D () C:\Users\Werner\Downloads\Visa applications
2015-01-10 10:01 - 2014-08-17 15:06 - 00000000 ____D () C:\Users\Werner\Downloads\Logitech
2015-01-10 10:01 - 2013-12-18 08:37 - 00000000 ____D () C:\Users\Werner\Downloads\Iron Man 2 [MULTI5][PSP][FIX][WwW.GamesTorrents.CoM]
2015-01-10 10:00 - 2014-04-04 17:10 - 00000000 ____D () C:\Users\Werner\Downloads\DOMBEYA F
2015-01-10 09:59 - 2014-05-10 19:45 - 00000000 ____D () C:\Users\Werner\Documents\Studio
2015-01-10 09:59 - 2013-05-19 19:29 - 00000000 ____D () C:\Users\Werner\Documents\Visa applications
2015-01-10 09:58 - 2014-01-07 21:56 - 00000000 ____D () C:\Users\Werner\Documents\Sasol EIM
2015-01-10 09:48 - 2014-03-01 08:20 - 00000000 ____D () C:\Users\Werner\Documents\DSC alarm
2015-01-10 09:48 - 2013-12-13 07:15 - 00000000 ____D () C:\Users\Werner\Documents\Nedbank PL
2015-01-10 09:48 - 2013-11-06 06:08 - 00000000 ____D () C:\Users\Werner\Documents\Rene backup
2015-01-10 09:48 - 2013-06-17 23:23 - 00000000 ____D () C:\Users\Werner\Documents\EMEA bootcamp
2015-01-10 09:48 - 2013-06-12 13:35 - 00000000 ____D () C:\Users\Werner\Documents\Deloitte affairs
2015-01-06 23:23 - 2013-03-23 16:36 - 00026672 _____ () C:\WINDOWS\DPINST.LOG
2015-01-06 23:23 - 2013-03-23 16:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-06 22:56 - 2013-11-14 06:34 - 00198604 _____ () C:\WINDOWS\PFRO.log
2015-01-06 22:56 - 2013-01-07 21:07 - 00000000 ____D () C:\Program Files\Google
2015-01-06 22:56 - 2012-12-30 10:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 22:46 - 2014-12-22 19:18 - 00000000 ____D () C:\Users\Werner\AppData\Roaming\Skype
2015-01-06 22:46 - 2014-12-22 19:18 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 22:45 - 2012-12-30 10:44 - 00000000 ____D () C:\Users\Werner\AppData\Local\Google
2015-01-06 22:39 - 2013-03-23 20:58 - 00000000 ____D () C:\Program Files\DivX
2015-01-06 22:39 - 2013-03-23 20:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-06 22:39 - 2013-03-23 20:51 - 00000000 ____D () C:\ProgramData\DivX
2015-01-06 21:48 - 2014-07-27 15:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-06 21:34 - 2014-07-27 15:30 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 21:34 - 2014-07-27 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 21:34 - 2014-07-27 15:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-06 02:08 - 2014-11-14 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 02:08 - 2014-11-14 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 22:09 - 2013-05-12 19:37 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-04 22:09 - 2013-05-12 19:37 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-24 17:14 - 2013-05-08 07:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======
2013-12-23 09:00 - 2014-03-23 07:20 - 0006144 _____ () C:\Users\Werner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-25 20:27 - 2014-05-25 20:27 - 0000869 _____ () C:\Users\Werner\AppData\Local\recently-used.xbel
2013-04-04 09:16 - 2013-09-14 17:38 - 0000040 ___SH () C:\ProgramData\.zreglib
2012-12-30 10:38 - 2012-12-30 10:38 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Werner\AppData\Local\Temp\1381228536_Cloud_Backup_Setup.exe
C:\Users\Werner\AppData\Local\Temp\DivXSetup.exe
C:\Users\Werner\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Werner\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Werner\AppData\Local\Temp\Quarantine.exe
C:\Users\Werner\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Werner\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 21:17

Attached Files


Edited by nasdaq, 24 January 2015 - 10:09 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:24 AM

Posted 24 January 2015 - 10:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4130170648-3986349948-401041113-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=359
SearchScopes: HKU\S-1-5-21-4130170648-3986349948-401041113-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=359
CHR Extension: (Google Wallet) - C:\Users\Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
Task: {1848E213-8C2D-415F-B9E1-556950832A60} - \03091666-40b5-44af-b8b1-7438214ece0b-1 No Task File <==== ATTENTION
Task: {22037D63-E9E3-469A-A9B5-0494113BDC5B} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5B055673-777E-4B1E-A48B-4EEB150F21C9} - \03091666-40b5-44af-b8b1-7438214ece0b-6 No Task File <==== ATTENTION
Task: {5EC54CD3-14DB-4D82-8441-00051E28CA8B} - \03091666-40b5-44af-b8b1-7438214ece0b-2 No Task File <==== ATTENTION
Task: {A4A02010-72B3-44FB-8AEB-A07396614AB8} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {ABB4559F-65F7-4971-A776-D11459AFD59C} - \03091666-40b5-44af-b8b1-7438214ece0b-4 No Task File <==== ATTENTION
Task: {B3249FA7-42B3-4F82-8A42-5954A1FDD044} - \03091666-40b5-44af-b8b1-7438214ece0b-5 No Task File <==== ATTENTION
Task: {BDDC65AC-0C96-4566-833C-1E1722F214BD} - \03091666-40b5-44af-b8b1-7438214ece0b-7 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:3F30E778
AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2
AlternateDataStreams: C:\ProgramData\TEMP:838D4792
AlternateDataStreams: C:\ProgramData\TEMP:DEDD192D

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#3 WernSwan

WernSwan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 AM

Posted 24 January 2015 - 04:00 PM

Hi nasdaq
 
Thanks for the quick response.  Attached the files as requested.
 
 
WernSwan

Results of screen317's Security Check version 0.99.95
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Emsisoft Anti-Malware
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome 35.0.1916.153 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Emsisoft Anti-Malware a2service.exe
Emsisoft Anti-Malware a2guard.exe
Ruiware WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Attached Files


Edited by nasdaq, 25 January 2015 - 08:22 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:24 AM

Posted 25 January 2015 - 08:23 AM

Looking good. Just delete this old version of Java 7 Update 51 using the Add/Remove programs applet.

---

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 WernSwan

WernSwan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 AM

Posted 25 January 2015 - 12:55 PM

Thanks nasdaq

 

All seems well.

 

 

WernSwan



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:24 AM

Posted 26 January 2015 - 08:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users