
Unable to run virus scan


  • This topic is locked
7 replies to this topic

#1 woodfields

woodfields

  • Members
  • 4 posts

Posted 02 June 2017 - 03:48 AM

Hi people

I am unable to run a virus scan as ZoneAlarm keeps switching off.

I think my PC is infected.

I managed to run a HT log, wondered if someone could please take a look for me.

Regards

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 09:47:48, on 02/06/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Intel\AMT\atchk.exe
C:\Program Files (x86)\USBShare\USBShare.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\User\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=chrf-iryus&type=ypi_znlrm_00_00_ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [USBSHARE] C:\Program Files (x86)\USBShare\USBShare.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [mailruhomesearch] "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WNA3100M Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\atchksrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: Intel® Biometric and Context Agent Service (IntelBCAsvc) - Intel® Corporation - C:\Program Files\Intel\BCA\pabeSvc64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files (x86)\Intel\AMT\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100M - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZoneAlarm ICM Service - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
 
--
End of file - 9360 bytes
 

 

 




 


#2 woodfields

woodfields
  • Topic Starter

  • Members
  • 4 posts

Posted 02 June 2017 - 03:57 AM

It says 26 infections found, but I'm unable to place in vault or do a full scan as it keeps switching off (ZoneAlarm).



#3 woodfields

woodfields
  • Topic Starter

  • Members
  • 4 posts

Posted 02 June 2017 - 04:25 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2017
Ran by User (administrator) on USER-PC (02-06-2017 10:20:57)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
() C:\Program Files (x86)\USBShare\USBShare.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM-x32\...\Run: [USBSHARE] => C:\Program Files (x86)\USBShare\USBShare.exe [241664 2011-05-14] ()
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [kbdsprt] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 1916A2AF346D399F50313C393200F14140456616 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2A83E9020591A55FC6DDAD3FB102794C52B24E70 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 3A850044D8A195CD401A680C012CB0A3B5F8DC08 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 40AA38731BD189F9CDB5B9DC35E2136F38777AF4 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 43D9BCB568E039D073A74A71D8511F7476089CC3 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 471C949A8143DB5AD5CDF1C972864A2504FA23C9 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 61793FCBFA4F9008309BBA5FF12D2CB29CD4151A (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 6431723036FD26DEA502792FA595922493030F97 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 7D7F4414CCEF168ADF6BF40753B5BECD78375931 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 80962AE4D6C5B442894E95A13E4A699E07D694CF (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 86E817C81A5CA672FE000F36F878C19518D6F844 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 8E5BD50D6AE686D65252F843A9D4B96D197730AB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 9845A431D51959CAF225322B4A4FE9F223CE6D15 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B533345D06F64516403C00DA03187D3BFEF59156 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: C060ED44CBD881BD0EF86C0BA287DDCF8167478C (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: CEA586B2CE593EC7D939898337C57814708AB2BE (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: D018B62DC518907247DF50925BB09ACF4A5CB3AD (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F8A54E03AADC5692B850496A4C4630FFEAA29D83 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: FA6660A94AB45F6A88C0D7874D89A863D74DEE97 (Avast Antivirus/Software) <==== ATTENTION
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\...\MountPoints2: {4b14d90c-5922-11e6-a5af-001e4ff3b06e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\...\MountPoints2: {4b14d922-5922-11e6-a5af-001e4ff3b06e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk [2016-08-01]
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C4B24444-1146-4732-928A-D0BB6BD33FDD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=chrf-iryus&type=ypi_znlrm_00_00_ie
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E7D382AF-2EE5-4988-A042-34461E098686}&mid=f89019423fd747cd95e1d1570917599d-7250f67f39db3ec4f582520f3cf20797ddead86d&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116tb&pr=fr&d=2016-09-20 02:22:45&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000 -> {56B9633D-4042-4DFE-87C2-12D552715BD9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E7D382AF-2EE5-4988-A042-34461E098686}&mid=f89019423fd747cd95e1d1570917599d-7250f67f39db3ec4f582520f3cf20797ddead86d&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116tb&pr=fr&d=2016-09-20 02:22:45&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000 -> {96C257DA-4382-47AE-BF69-C6F2C01324A1} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=chrf-iryus&type=ypi_znlrm_00_00_ie
SearchScopes: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B21098F7B-ADDC-49A8-B0C8-0F32D7978B75%7D&gp=811041
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
 
FireFox:
========
FF DefaultProfile: 6pr1v856.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pr1v856.default [2017-06-02]
FF Homepage: Mozilla\Firefox\Profiles\6pr1v856.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pr1v856.default\Extensions\homepage@mail.ru [2017-04-04]
FF Extension: (Поиск@Mail.Ru) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pr1v856.default\Extensions\search@mail.ru [2017-04-04]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pr1v856.default\features\{9c03b41e-22e0-4ad0-abf0-d4313e344671}\disable-cert-transparency@mozilla.org.xpi [2017-04-19]
FF Extension: (Disable Prefetch) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pr1v856.default\features\{9c03b41e-22e0-4ad0-abf0-d4313e344671}\disable-prefetch@mozilla.org.xpi [2017-04-19]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6pr1v856.default\searchplugins\mailru.xml [2017-04-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-24]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-06-02]
CHR Extension: (Google Cast) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-17]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Yahoo Partner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpacaholihkepnhgeeiipghhgonbhdfb [2017-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-25]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-25]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-01]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-01]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-01]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-01]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-01]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2016-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-01]
CHR HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpacaholihkepnhgeeiipghhgonbhdfb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-22] (McAfee, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-16] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [316120 2014-08-18] ()
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2016-05-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2017-03-22] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [188648 2017-03-22] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2017-03-22] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1026280 2017-03-22] (AO Kaspersky Lab)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3409096 2014-09-04] (Realtek Semiconductor Corporation                           )
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-04-01] (Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 10:20 - 2017-06-02 10:21 - 00019474 _____ C:\Users\User\Downloads\FRST.txt
2017-06-02 10:20 - 2017-06-02 10:20 - 02433536 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-06-02 10:20 - 2017-06-02 10:20 - 00000000 ____D C:\FRST
2017-06-02 10:19 - 2017-06-02 10:20 - 01773568 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2017-06-02 09:03 - 2017-06-02 09:03 - 00119808 _____ (Atribune.org) C:\Users\User\Downloads\VundoFix.exe
2017-06-02 09:03 - 2017-06-02 09:03 - 00000000 ____D C:\VundoFix Backups
2017-06-02 08:56 - 2017-06-02 08:56 - 00003120 _____ C:\Windows\System32\Tasks\{A0E84703-3833-4252-A926-47650172D23F}
2017-06-02 08:49 - 2017-06-02 08:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
2017-06-02 08:36 - 2017-03-22 08:06 - 00554408 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kl1.sys
2017-06-02 08:36 - 2017-03-22 08:06 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-06-02 08:35 - 2017-06-02 08:35 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2017-06-02 08:24 - 2017-06-02 08:24 - 05984928 _____ (Check Point Software Technologies Ltd.) C:\Users\User\Downloads\zaSetupWeb_151_504_17269.exe
2017-06-02 08:22 - 2017-06-02 08:22 - 00006144 _____ C:\Users\User\Downloads\sales (9).xls
2017-06-02 08:21 - 2017-06-02 08:21 - 00024576 _____ C:\Users\User\Downloads\sales (8).xls
2017-06-02 08:21 - 2017-06-02 08:21 - 00006656 _____ C:\Users\User\Downloads\sales (7).xls
2017-06-02 08:20 - 2017-06-02 08:20 - 00024064 _____ C:\Users\User\Downloads\customer (1).xls
2017-06-02 08:00 - 2017-06-02 08:00 - 00055984 _____ C:\Users\User\Downloads\MPD0115-9523.pdf
2017-06-01 16:02 - 2017-06-01 16:02 - 00029710 _____ C:\Users\User\Downloads\print (20).pdf
2017-06-01 14:06 - 2017-06-01 14:06 - 00194281 _____ C:\Users\User\Downloads\WF1 (1).pdf
2017-05-31 15:48 - 2017-06-02 08:52 - 01015227 _____ C:\Users\User\Desktop\PRICES2017.xlsx
2017-05-31 15:40 - 2017-05-31 15:41 - 00030337 _____ C:\Users\User\Downloads\print (19).pdf
2017-05-31 13:47 - 2017-05-31 13:47 - 00052833 _____ C:\Users\User\Downloads\price-list-printable.xlsx
2017-05-31 13:47 - 2017-05-31 13:47 - 00052833 _____ C:\Users\User\Downloads\price-list-printable (1).xlsx
2017-05-31 12:19 - 2017-05-31 12:19 - 00194334 _____ C:\Users\User\Downloads\WF1.pdf
2017-05-31 11:16 - 2017-05-31 11:16 - 00024007 _____ C:\Users\User\Downloads\feature-comparison.xlsx
2017-05-31 10:51 - 2017-05-31 10:51 - 00056894 _____ C:\Users\User\Downloads\MPD0115-8818.pdf
2017-05-31 09:01 - 2017-05-31 09:01 - 00006656 _____ C:\Users\User\Downloads\sales (6).xls
2017-05-31 09:00 - 2017-05-31 09:00 - 00006144 _____ C:\Users\User\Downloads\sales (5).xls
2017-05-31 08:59 - 2017-05-31 08:59 - 00024576 _____ C:\Users\User\Downloads\sales (4).xls
2017-05-31 08:57 - 2017-05-31 08:57 - 00090624 _____ C:\Users\User\Downloads\sales (3).xls
2017-05-31 08:57 - 2017-05-31 08:57 - 00082432 _____ C:\Users\User\Desktop\QB01-06-17.xls
2017-05-31 08:54 - 2017-05-31 08:54 - 00104920 _____ C:\Users\User\Downloads\54-manifest (1).pdf
2017-05-31 08:52 - 2017-05-31 08:52 - 01111261 _____ C:\Users\User\Desktop\MIDA.pdf
2017-05-31 08:45 - 2017-05-31 08:45 - 00077981 _____ C:\Users\User\Downloads\45-sent.pdf
2017-05-30 13:09 - 2017-05-30 13:09 - 00030322 _____ C:\Users\User\Downloads\print (18).pdf
2017-05-30 12:30 - 2017-05-30 12:30 - 00804348 _____ C:\Users\User\Downloads\News80SUM.pdf
2017-05-30 08:43 - 2017-05-30 08:43 - 00030161 _____ C:\Users\User\Downloads\print (17).pdf
2017-05-30 08:40 - 2017-05-30 08:40 - 00030161 _____ C:\Users\User\Downloads\print (16).pdf
2017-05-30 08:39 - 2017-05-30 08:39 - 00030100 _____ C:\Users\User\Downloads\print (15).pdf
2017-05-30 08:06 - 2017-05-30 08:06 - 00028383 _____ C:\Users\User\Downloads\show_pod (1).pdf
2017-05-26 10:35 - 2017-05-26 10:35 - 00778250 _____ C:\Users\User\Downloads\Technical_Information_Composite_UK_lowres.pdf
2017-05-26 10:35 - 2017-05-26 10:35 - 00778250 _____ C:\Users\User\Downloads\Technical_Information_Composite_UK_lowres (1).pdf
2017-05-26 10:30 - 2017-05-26 10:30 - 00190415 _____ C:\Users\User\Downloads\138537__5.PDF
2017-05-26 10:28 - 2017-05-26 10:28 - 00110634 _____ C:\Users\User\Downloads\138537__6.PDF
2017-05-26 10:22 - 2017-05-26 10:22 - 00113655 _____ C:\Users\User\Downloads\138537__7 (4).PDF
2017-05-26 10:00 - 2017-05-26 10:00 - 00056642 _____ C:\Users\User\Downloads\MPD0115-7570.pdf
2017-05-26 09:51 - 2017-05-26 09:51 - 00113655 _____ C:\Users\User\Downloads\138537__7 (3).PDF
2017-05-26 09:51 - 2017-05-26 09:51 - 00113655 _____ C:\Users\User\Downloads\138537__7 (2).PDF
2017-05-26 09:32 - 2017-05-26 09:32 - 00113655 _____ C:\Users\User\Downloads\138537__7 (1).PDF
2017-05-26 09:11 - 2017-05-26 09:11 - 00113655 _____ C:\Users\User\Downloads\138537__7.PDF
2017-05-26 09:05 - 2017-05-26 09:05 - 00029901 _____ C:\Users\User\Downloads\print (14).pdf
2017-05-26 08:44 - 2017-05-26 08:44 - 00419770 _____ C:\Users\User\Downloads\type25_med_teknikrum_UK_lowres(1).pdf
2017-05-26 08:41 - 2017-05-26 08:41 - 00284530 _____ C:\Users\User\Downloads\galleriblad_multibane_komposit_UK_lowres.pdf
2017-05-26 08:39 - 2017-05-26 08:39 - 00477302 _____ C:\Users\User\Downloads\Udskiftningsboks_UK_lowres.pdf
2017-05-26 08:25 - 2017-05-26 08:25 - 00029823 _____ C:\Users\User\Downloads\print (13).pdf
2017-05-26 08:06 - 2017-05-26 08:06 - 00115697 _____ C:\Users\User\Desktop\POD1.pdf
2017-05-26 08:05 - 2017-05-26 08:05 - 00112031 _____ C:\Users\User\Downloads\POD1.pdf
2017-05-25 16:18 - 2017-05-25 16:18 - 00029888 _____ C:\Users\User\Downloads\print (12).pdf
2017-05-25 15:14 - 2017-05-25 15:14 - 00035251 _____ C:\Users\User\Downloads\EGSP5_Drawings.pdf
2017-05-25 14:31 - 2017-05-25 14:31 - 00037085 _____ C:\Users\User\Downloads\SUPRA_flexible_pre-insulated_pipe_system_specification_-_5-01.pdf
2017-05-25 12:58 - 2017-05-25 12:58 - 00104945 _____ C:\Users\User\Downloads\58-manifest (1).pdf
2017-05-25 12:58 - 2017-05-25 12:58 - 00077980 _____ C:\Users\User\Downloads\58-sent (1).pdf
2017-05-25 11:26 - 2017-05-25 11:26 - 00080056 _____ C:\Users\User\Downloads\26-sent (1).pdf
2017-05-25 10:27 - 2017-05-25 10:27 - 00204111 _____ C:\Users\User\Desktop\DAk0Cl-XsAA2-w1.jpg-large
2017-05-25 10:23 - 2017-05-25 10:23 - 00145445 _____ C:\Users\User\Downloads\BSL255201710234.xlsx
2017-05-25 10:13 - 2017-05-25 10:13 - 00065514 _____ C:\Users\User\Desktop\purchase_order1 (1).pdf
2017-05-25 10:13 - 2017-05-25 10:13 - 00061895 _____ C:\Users\User\Downloads\purchase_order1 (1).pdf
2017-05-25 10:12 - 2017-05-25 10:12 - 00063344 _____ C:\Users\User\Downloads\purchase_order1.pdf
2017-05-25 10:11 - 2017-05-25 10:12 - 00049664 _____ C:\Users\User\Desktop\purchase_order1.xls
2017-05-25 07:56 - 2017-05-25 07:56 - 00121751 _____ C:\Users\User\Downloads\COGS Strategic Board Meeting 25.05.2017 Agenda.pdf
2017-05-25 07:56 - 2017-05-25 07:56 - 00121751 _____ C:\Users\User\Downloads\COGS Strategic Board Meeting 25.05.2017 Agenda (1).pdf
2017-05-24 15:55 - 2017-05-24 15:55 - 00029802 _____ C:\Users\User\Downloads\print (11).pdf
2017-05-24 15:47 - 2017-05-24 15:47 - 00190443 _____ C:\Users\User\Downloads\Terms and Conditions 2016 (2).pdf
2017-05-24 14:59 - 2017-05-24 14:59 - 00030491 _____ C:\Users\User\Downloads\print (10).pdf
2017-05-24 14:56 - 2017-05-24 14:56 - 00030491 _____ C:\Users\User\Downloads\print (9).pdf
2017-05-24 14:23 - 2017-05-24 14:23 - 05441960 _____ C:\Users\User\Downloads\NEW_GOALS_FINAL_FINAL.pdf
2017-05-24 14:15 - 2017-05-24 14:15 - 00030102 _____ C:\Users\User\Downloads\print (8).pdf
2017-05-24 14:12 - 2017-05-24 14:12 - 00030102 _____ C:\Users\User\Downloads\print (7).pdf
2017-05-24 12:14 - 2017-05-24 12:14 - 00104931 _____ C:\Users\User\Downloads\14-manifest.pdf
2017-05-24 12:12 - 2017-05-24 12:12 - 00077974 _____ C:\Users\User\Downloads\12-sent.pdf
2017-05-24 12:09 - 2017-05-24 12:09 - 00030190 _____ C:\Users\User\Downloads\print (6).pdf
2017-05-24 12:09 - 2017-05-24 12:09 - 00030190 _____ C:\Users\User\Downloads\print (5).pdf
2017-05-23 13:03 - 2017-05-23 13:03 - 00030174 _____ C:\Users\User\Downloads\print (4).pdf
2017-05-23 09:54 - 2017-05-23 09:54 - 00658392 _____ C:\Users\User\Desktop\xxxxxxxxxxxxxxxxxx.pdf
2017-05-23 09:47 - 2017-05-23 09:47 - 00034017 _____ C:\Users\User\Desktop\WGM.pdf
2017-05-23 09:46 - 2017-05-23 09:46 - 00030171 _____ C:\Users\User\Downloads\print (3).pdf
2017-05-23 09:36 - 2017-05-23 09:36 - 00057379 _____ C:\Users\User\Downloads\MPD0115-6140.pdf
2017-05-23 08:56 - 2017-05-23 08:56 - 00105604 _____ C:\Users\User\Downloads\56-manifest.pdf
2017-05-23 08:55 - 2017-05-23 08:55 - 00105604 _____ C:\Users\User\Downloads\55-manifest.pdf
2017-05-23 08:36 - 2017-05-23 08:36 - 00079970 _____ C:\Users\User\Downloads\36-sent.pdf
2017-05-23 08:34 - 2017-05-23 08:34 - 00077990 _____ C:\Users\User\Downloads\34-sent.pdf
2017-05-23 08:28 - 2017-05-23 08:28 - 00078053 _____ C:\Users\User\Downloads\28-sent.pdf
2017-05-23 08:05 - 2017-05-23 08:05 - 00290926 _____ C:\Users\User\Downloads\UKMail-Delivery-Card-1113709.pdf
2017-05-22 15:01 - 2017-05-22 15:01 - 00077995 _____ C:\Users\User\Downloads\01-sent.pdf
2017-05-22 14:59 - 2017-05-22 14:59 - 00105174 _____ C:\Users\User\Downloads\59-manifest.pdf
2017-05-22 14:58 - 2017-05-22 14:58 - 00105173 _____ C:\Users\User\Downloads\58-manifest.pdf
2017-05-22 14:58 - 2017-05-22 14:58 - 00077966 _____ C:\Users\User\Downloads\58-sent.pdf
2017-05-22 14:57 - 2017-05-22 14:57 - 00077967 _____ C:\Users\User\Downloads\57-sent.pdf
2017-05-22 14:33 - 2017-05-22 14:33 - 00106911 _____ C:\Users\User\Downloads\33-manifest.pdf
2017-05-22 09:22 - 2017-05-22 09:22 - 00106907 _____ C:\Users\User\Downloads\22-manifest (1).pdf
2017-05-22 09:19 - 2017-05-22 09:19 - 00078014 _____ C:\Users\User\Downloads\19-sent.pdf
2017-05-22 09:17 - 2017-05-22 09:17 - 00078026 _____ C:\Users\User\Downloads\17-sent.pdf
2017-05-22 09:13 - 2017-05-22 09:13 - 00079971 _____ C:\Users\User\Downloads\13-sent.pdf
2017-05-22 09:09 - 2017-05-22 09:09 - 00077976 _____ C:\Users\User\Downloads\09-sent.pdf
2017-05-22 09:08 - 2017-05-22 09:08 - 00078051 _____ C:\Users\User\Downloads\08-sent.pdf
2017-05-22 07:59 - 2017-05-22 07:59 - 00056493 _____ C:\Users\User\Downloads\MPD0115-5565.pdf
2017-05-19 14:32 - 2017-05-19 14:32 - 00230122 _____ C:\Users\User\Downloads\ACFrOgDrIZcBc42ahJp6AJSWAik1F4Cn2-NTHzuSH_1FGl1pcMX-mVbtIvP8bfbu7UnevZqUoh6OZeoMqaiQQ6Nl34S12HEIQdV7EjCawi9hI8y1gXJiH-YVpQDxRRg=.pdf
2017-05-19 14:31 - 2017-05-19 14:32 - 00221883 _____ C:\Users\User\Downloads\Revision Timetable summer half-term 2017.pdf
2017-05-19 12:54 - 2017-05-19 12:54 - 00104954 _____ C:\Users\User\Downloads\54-manifest.pdf
2017-05-19 12:52 - 2017-05-19 12:52 - 00077976 _____ C:\Users\User\Downloads\52-sent.pdf
2017-05-19 12:52 - 2017-05-19 12:52 - 00077974 _____ C:\Users\User\Downloads\52-sent (1).pdf
2017-05-19 11:24 - 2017-05-19 11:25 - 14105788 _____ C:\Users\User\Downloads\BCG0001V14.pdf
2017-05-19 10:53 - 2017-05-19 10:53 - 00105000 _____ C:\Users\User\Downloads\53-manifest.pdf
2017-05-19 10:48 - 2017-05-19 10:48 - 00078068 _____ C:\Users\User\Downloads\48-sent.pdf
2017-05-19 10:22 - 2017-05-19 10:22 - 00105307 _____ C:\Users\User\Downloads\22-manifest.pdf
2017-05-19 09:32 - 2017-05-19 09:32 - 00115088 _____ C:\Users\User\Downloads\32-sent.pdf
2017-05-19 09:32 - 2017-05-19 09:32 - 00084374 _____ C:\Users\User\Downloads\32-sent (1).pdf
2017-05-19 09:26 - 2017-05-19 09:26 - 00077965 _____ C:\Users\User\Downloads\26-sent.pdf
2017-05-19 09:22 - 2017-05-19 09:22 - 00033947 _____ C:\Users\User\Downloads\print (2).pdf
2017-05-19 09:20 - 2017-05-19 09:20 - 00032981 _____ C:\Users\User\Downloads\print (1).pdf
2017-05-19 09:18 - 2017-05-19 09:18 - 00032981 _____ C:\Users\User\Downloads\print.pdf
2017-05-18 15:21 - 2017-05-18 15:21 - 00028683 _____ C:\Users\User\Downloads\show_pod.pdf
2017-05-18 09:34 - 2017-05-18 09:34 - 00056672 _____ C:\Users\User\Downloads\MPD0115-4549.pdf
2017-05-17 12:02 - 2017-05-17 12:02 - 05946693 _____ C:\Users\User\Downloads\uponor-pricelist-2017-final-web-version (2).pdf
2017-05-17 11:58 - 2017-05-17 11:58 - 05946693 _____ C:\Users\User\Downloads\uponor-pricelist-2017-final-web-version (1).pdf
2017-05-17 11:37 - 2017-05-24 15:38 - 00015360 _____ C:\Users\User\Desktop\Book1.xls
2017-05-17 10:05 - 2017-05-17 10:05 - 00108836 _____ C:\Users\User\Downloads\MPD0115-4125.pdf
2017-05-17 08:16 - 2017-05-17 08:16 - 00006656 _____ C:\Users\User\Downloads\sales (2).xls
2017-05-17 08:16 - 2017-05-17 08:16 - 00006144 _____ C:\Users\User\Downloads\sales (1).xls
2017-05-17 08:15 - 2017-05-17 08:15 - 00028160 _____ C:\Users\User\Desktop\ISS17-5-17.xls
2017-05-17 08:15 - 2017-05-17 08:15 - 00023552 _____ C:\Users\User\Downloads\sales.xls
2017-05-17 08:14 - 2017-05-17 08:14 - 00023040 _____ C:\Users\User\Downloads\customer.xls
2017-05-16 15:04 - 2017-05-16 15:04 - 05946693 _____ C:\Users\User\Downloads\uponor-pricelist-2017-final-web-version.pdf
2017-05-15 09:21 - 2017-05-15 09:43 - 00000000 ____D C:\Users\User\Desktop\BACKUP
2017-05-12 13:35 - 2017-06-01 15:06 - 00000000 ____D C:\Users\User\Desktop\Finance Invoices
2017-05-12 12:50 - 2017-05-12 12:50 - 00162500 _____ C:\Users\User\Desktop\ShawPDF.pdf
2017-05-11 13:26 - 2017-05-11 13:26 - 00262144 _____ C:\Windows\system32\config\elam
2017-05-11 13:16 - 2017-05-11 13:16 - 00000000 _RSHD C:\ProgramData\{972DC8CA-126D-23FD-11AA-92876DD12AFD}
2017-05-11 13:15 - 2017-05-12 07:53 - 00000000 ____D C:\ProgramData\{827D21CC-A22D-45D6-23CA-451DDAC769BA}
2017-05-11 13:15 - 2017-05-11 13:15 - 00000000 ____D C:\ProgramData\Spyrix Free Keylogger
2017-05-11 13:15 - 2017-05-11 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyrix Free Keylogger
2017-05-11 12:13 - 2017-05-11 12:13 - 00811546 _____ C:\Users\User\Desktop\136051.pdf
2017-05-11 10:25 - 2017-05-11 10:25 - 00033391 _____ C:\Users\User\Desktop\OHLtd.pdf
2017-05-10 01:55 - 2017-04-28 02:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 01:55 - 2017-04-28 02:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 01:55 - 2017-04-28 02:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 01:55 - 2017-04-28 02:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 01:55 - 2017-04-28 02:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 01:55 - 2017-04-28 02:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 01:55 - 2017-04-28 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 01:55 - 2017-04-28 01:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 01:55 - 2017-04-28 01:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 01:55 - 2017-04-28 01:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 01:55 - 2017-04-28 01:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 01:55 - 2017-04-28 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 01:55 - 2017-04-28 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 01:55 - 2017-04-28 01:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 01:55 - 2017-04-28 01:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 01:55 - 2017-04-28 01:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 01:55 - 2017-04-28 01:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 01:55 - 2017-04-28 01:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 01:55 - 2017-04-28 01:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 01:55 - 2017-04-28 01:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 01:55 - 2017-04-28 01:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 01:55 - 2017-04-28 01:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 01:55 - 2017-04-28 01:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 01:55 - 2017-04-28 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 01:55 - 2017-04-28 01:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 01:55 - 2017-04-28 01:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 01:55 - 2017-04-28 01:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 01:55 - 2017-04-26 15:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 01:55 - 2017-04-21 16:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 01:55 - 2017-04-21 16:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 01:55 - 2017-04-20 01:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 01:55 - 2017-04-20 00:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 01:55 - 2017-04-17 16:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 01:55 - 2017-04-17 16:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 01:55 - 2017-04-17 16:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 01:55 - 2017-04-17 16:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 01:55 - 2017-04-17 16:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 01:55 - 2017-04-17 16:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 01:55 - 2017-04-17 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 01:55 - 2017-04-17 16:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 01:55 - 2017-04-17 15:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 01:55 - 2017-04-16 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 01:55 - 2017-04-16 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 01:55 - 2017-04-16 09:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 01:55 - 2017-04-16 09:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 01:55 - 2017-04-16 09:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 01:55 - 2017-04-16 09:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 01:55 - 2017-04-16 09:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 01:55 - 2017-04-16 09:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 01:55 - 2017-04-16 09:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 01:55 - 2017-04-16 09:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 01:55 - 2017-04-16 09:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 01:55 - 2017-04-16 09:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 01:55 - 2017-04-16 09:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 01:55 - 2017-04-16 09:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 01:55 - 2017-04-16 09:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 01:55 - 2017-04-16 09:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 01:55 - 2017-04-16 09:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 01:55 - 2017-04-16 09:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 01:55 - 2017-04-16 09:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 01:55 - 2017-04-16 09:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 01:55 - 2017-04-16 09:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 01:55 - 2017-04-16 09:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 01:55 - 2017-04-16 09:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 01:55 - 2017-04-16 09:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 01:55 - 2017-04-16 09:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 01:55 - 2017-04-16 09:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 01:55 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 01:55 - 2017-04-16 09:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-10 01:55 - 2017-04-16 09:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 01:55 - 2017-04-16 09:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 01:55 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 01:55 - 2017-04-16 08:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 01:55 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 01:55 - 2017-04-16 08:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 01:55 - 2017-04-16 08:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 01:55 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 01:55 - 2017-04-16 08:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 01:55 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 01:55 - 2017-04-16 08:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 01:55 - 2017-04-16 08:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 01:55 - 2017-04-16 08:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 01:55 - 2017-04-16 08:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 01:55 - 2017-04-16 08:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 01:55 - 2017-04-16 08:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 01:55 - 2017-04-16 08:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 01:55 - 2017-04-16 08:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 01:55 - 2017-04-16 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 01:55 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 01:55 - 2017-04-16 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 01:55 - 2017-04-16 08:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 01:55 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 01:55 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 01:55 - 2017-04-16 08:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 01:55 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 01:55 - 2017-04-16 08:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 01:55 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 01:55 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 01:55 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 01:55 - 2017-04-16 08:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 01:55 - 2017-04-16 08:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 01:55 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 01:55 - 2017-04-16 07:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 01:55 - 2017-04-16 07:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 01:55 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 01:55 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 01:55 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 01:55 - 2017-04-12 16:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 01:55 - 2017-04-12 16:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 01:55 - 2017-04-12 16:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 01:55 - 2017-04-12 16:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 01:55 - 2017-04-12 16:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 01:55 - 2017-04-12 16:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 01:55 - 2017-04-12 16:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 01:55 - 2017-04-12 16:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 01:55 - 2017-04-07 16:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 01:55 - 2017-04-07 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 01:55 - 2017-04-07 16:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 01:55 - 2017-04-07 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 01:55 - 2017-04-07 16:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 01:55 - 2017-04-05 15:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 01:55 - 2017-04-05 15:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 01:55 - 2017-04-05 15:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 01:55 - 2017-04-04 16:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 01:55 - 2017-04-04 16:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 01:55 - 2017-04-04 16:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 01:55 - 2017-04-04 15:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 01:55 - 2017-04-04 15:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 01:55 - 2017-03-10 17:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 01:55 - 2017-03-10 17:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 01:55 - 2017-03-10 17:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 01:55 - 2017-03-10 17:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 01:55 - 2017-03-10 16:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 01:55 - 2017-03-10 16:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 01:55 - 2017-03-10 16:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 01:55 - 2017-03-09 17:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 01:55 - 2017-03-09 17:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-08 09:55 - 2017-05-08 09:56 - 00000000 ____D C:\Users\User\Desktop\PDF
2017-05-06 04:43 - 2017-05-08 09:52 - 33741824 _____ C:\Users\User\Desktop\FACI  FFS390 ASSEMBLEY.ppt
2017-05-03 12:31 - 2017-05-03 12:33 - 00000000 ____D C:\Users\User\Desktop\plug2
2017-05-03 10:52 - 2017-05-03 10:53 - 00000000 ____D C:\Users\User\Desktop\plug
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 09:35 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-02 09:35 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-02 09:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 09:03 - 2014-11-17 12:29 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2017-06-02 08:52 - 2016-11-14 09:19 - 00353280 _____ C:\Users\User\Desktop\buffertanksprices.xls
2017-06-02 08:51 - 2015-06-03 09:47 - 00000000 ____D C:\Users\User\AppData\Roaming\WinPatrol
2017-06-02 08:51 - 2015-06-03 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-06-02 08:47 - 2014-11-20 16:37 - 00001945 _____ C:\Windows\epplauncher.mif
2017-06-02 08:37 - 2017-04-01 16:39 - 00441208 _____ C:\Windows\system32\Drivers\vsconfig.xml
2017-05-31 08:57 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-31 08:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-30 21:45 - 2010-11-21 04:27 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-30 09:11 - 2017-04-18 09:11 - 00015872 _____ C:\Users\User\Desktop\ISS-APRIL.xls
2017-05-30 08:29 - 2015-06-04 15:48 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2017-05-29 13:53 - 2016-08-25 16:57 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-24 15:41 - 2017-04-03 09:20 - 00000000 ____D C:\Users\User\Desktop\FACI390
2017-05-24 15:37 - 2016-11-14 09:20 - 01046343 _____ C:\Users\User\Desktop\bulklist.xlsx
2017-05-24 03:04 - 2014-11-17 12:54 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 03:01 - 2014-11-17 12:54 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 09:53 - 2016-08-19 10:17 - 00000000 ____D C:\Users\User\Desktop\gasification
2017-05-19 14:59 - 2016-08-03 14:26 - 00000000 ____D C:\Users\User\AppData\Local\Hisuite
2017-05-19 09:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-18 14:54 - 2016-08-19 10:19 - 00000000 ____D C:\Users\User\Desktop\Excel
2017-05-15 15:48 - 2016-08-19 10:36 - 00000853 ____H C:\Users\User\Downloads\.picasa.ini
2017-05-12 07:56 - 2015-06-02 14:57 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-10 07:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-05-10 03:28 - 2009-07-14 05:45 - 00401240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 03:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 03:08 - 2014-11-17 13:14 - 00765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-09 14:07 - 2016-08-01 11:13 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 14:07 - 2016-08-01 11:13 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 14:07 - 2016-08-01 11:13 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 14:07 - 2016-08-01 11:13 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 14:07 - 2016-08-01 11:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 14:07 - 2016-08-01 11:13 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 14:07 - 2016-08-01 11:12 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-05-05 08:03 - 2016-08-15 08:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 12:18 - 2017-02-02 09:27 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-02 00:38
 
==================== End of FRST.txt ============================


#4 woodfields

Posted 02 June 2017 - 04:26 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2017
Ran by User (02-06-2017 10:21:51)
Running from C:\Users\User\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-11-17 11:28:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1663768791-2782842726-3288799794-500 - Administrator - Disabled)
Guest (S-1-5-21-1663768791-2782842726-3288799794-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1663768791-2782842726-3288799794-1002 - Limited - Enabled)
User (S-1-5-21-1663768791-2782842726-3288799794-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aurora 3D Text & Logo Maker version 16.01.07 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 16.01.07 - Aurora3D Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 1.0.2.0 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
Intel® Chipset Device Software (x32 Version: 10.0.24 - Intel® Corporation) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.3 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kernel Bulk Image Resizer version 12.07.01 (HKLM-x32\...\Kernel Bulk Image Resizer version 12.07.01_is1) (Version:  - Lepide Software Pvt. Ltd.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.4 - NETGEAR)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Spyrix Free Keylogger 10.5.0 (HKLM-x32\...\Spyrix Free Keylogger_is1) (Version: 10.5.0 - Spyrix Security Inc.)
USBShare 1.0.0 (HKLM-x32\...\{AD101627-B261-40F2-A3A6-836E3E1F5B6A}_is1) (Version:  - Nanjing Qinheng)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinX HD Video Converter Deluxe 5.9.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Yodot MOV Repair (HKLM-x32\...\{DA12623E-713B-43BF-A33B-2071594805F5}_is1) (Version: 1.0.0.23 - Yodot Software)
Zebra Setup Utilities (HKLM-x32\...\Zebra Setup Utilities) (Version: 1.1.9.1148 - Zebra Technologies)
Zebra Setup Utilities (x32 Version: 1.1.9.1148 - Zebra Technologies) Hidden
ZoneAlarm Antivirus (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1663768791-2782842726-3288799794-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AD53361-7148-49A8-9BC9-150D620CAB3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {0FB43482-4AA6-4E2E-A25F-F0890E051CF4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe 
Task: {1424D82C-01B9-4E9A-86ED-403B7DDBF766} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {16AF123B-EA35-42A4-B4AF-63490E4FB143} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {2A094F37-E6BD-48D8-9304-C90FB2361C43} - \journal-allnetgtechs -> No File <==== ATTENTION
Task: {45DFC7C1-4114-44F0-89FF-F312DED0422E} - System32\Tasks\{A0E84703-3833-4252-A926-47650172D23F} => pcalua.exe -a C:\Users\User\Downloads\HijackThis.exe -d C:\Users\User\Downloads
Task: {5B8454E3-9B09-40E6-9BC6-248C1A1532F1} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe  <==== ATTENTION
Task: {5C5BC2B6-17F1-44DA-8956-423948446A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {7EC4D43B-4668-409D-B01C-805856BABC00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {A57BC925-2FB4-4DDB-B755-0E129D741C57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {D67CA98C-8815-4F80-AEB8-8D3F1B09A78D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-02 15:00 - 2011-05-14 00:00 - 00241664 _____ () C:\Program Files (x86)\USBShare\USBShare.exe
2016-08-01 09:40 - 2014-08-18 17:49 - 08274648 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
2016-08-01 09:40 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
2016-08-01 09:40 - 2014-07-22 10:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvcLib.dll
2016-08-01 09:40 - 2014-09-03 15:16 - 00450560 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiLib.dll
2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLCTL.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-12-06 12:19 - 00000830 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1663768791-2782842726-3288799794-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3BA97D09-2E6D-4982-BAB7-996DA4C7E5B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{78B3BFF8-2F0F-4F3E-AF58-804DE4E9E4C9}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{49D6E1D1-8DC4-48CB-9F3A-0234A31C64B4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8BB46AC3-5B91-427B-97F1-CF436CB45B94}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{CEF91C17-09C9-4405-9219-4579F365D9C8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{531822E4-73C8-457B-8CA9-9E8BBFF8A6F8}] => (Allow) LPort=2869
FirewallRules: [{DE3F20C6-BB0B-4586-BC06-AEE52751BA8D}] => (Allow) LPort=1900
FirewallRules: [{147C2C25-385E-448E-95D2-D2E9E312E1DD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0FEEA289-2EAA-4A9F-84E3-B64B40806173}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{926C475E-1FE5-4BBB-B627-208F17C6E8BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42C18AAC-EB7C-455E-A5C5-D287527D69D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E9B2F92-0389-40EB-847D-9054A35ED6B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C3BADF9E-5524-469E-A10F-E9E11BCDA13C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{BFE13D11-A20C-446E-AFFF-8D8263A500A6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{145B22DE-456B-4BB6-81C1-E5DDCE1A4DCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3187F1E5-270F-4BF7-BE39-5D99760B09F8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{804ADC1B-84E7-423A-9934-BC0D987F070F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5E71B981-56D3-4E40-B547-ACCF97197998}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{91160421-C4EF-4A28-ADDF-3D58E77DC121}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2017 10:06:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (06/02/2017 09:28:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2017 08:36:09 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'TrueVector Internet Monitor' could not be shut down.
 
Error: (06/02/2017 08:36:09 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'TrueVector Internet Monitor' could not be shut down.
 
Error: (06/02/2017 08:35:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'TrueVector Internet Monitor' could not be shut down.
 
Error: (06/02/2017 08:35:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'TrueVector Internet Monitor' could not be shut down.
 
Error: (06/02/2017 08:35:10 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'TrueVector Internet Monitor' could not be shut down.
 
Error: (06/02/2017 08:35:09 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'TrueVector Internet Monitor' could not be shut down.
 
Error: (06/01/2017 04:23:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).
 
Error: (06/01/2017 09:57:51 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
 
System errors:
=============
Error: (06/02/2017 09:28:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (06/02/2017 09:27:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/02/2017 09:27:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HuaweiHiSuiteService64.exe service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/02/2017 08:29:55 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/31/2017 04:17:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNA3100M service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/31/2017 04:15:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNA3100M service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/31/2017 04:14:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNA3100M service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/31/2017 04:13:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNA3100M service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/31/2017 04:12:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (05/31/2017 04:11:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 49%
Total physical RAM: 3956.61 MB
Available physical RAM: 1985.16 MB
Total Virtual: 7911.41 MB
Available Virtual: 5818.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:57.87 GB) (Free:20.96 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:16.54 GB) (Free:0.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 01678A0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=57.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:42 PM

Posted 03 June 2017 - 09:10 AM

Hi woodfields :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few hours to read your logs and get back to you.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Aura


Posted 03 June 2017 - 01:06 PM

Alright, let's start with a simple FRST fix.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Attached Files




#7 Aura


Posted 07 June 2017 - 11:59 AM

Hi woodfields,

Are you still with me?



#8 Aura


Posted 09 June 2017 - 11:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





