
Infected with heur:trojan.win32.generic & Trojan.multi.Gen AutorunReg.a


This topic is locked
15 replies to this topic

#1 vanbibber

Posted 07 August 2017 - 03:10 PM

We are a 250+ Windows 7 domain network (Server 2012) across 39 VPN'd locations. We run SonicWall Enforced AV Client - Kaspersky on all machines. We have a rash of viruses we cannot seem to contain. Kaspersky seems to be catching and blocking them, but the infection seems to keep replicating itself to no end. As well, we run multiple Windows servers (Win Server 2012), all running the SonicWall Enforced AV client and Malwarebytes Corporate edition (fileserver, DNS, DHCP, Hyper-V hosts). Kaspersky identifies the infection as "heur:trojan.win32.generic" & "Trojan.multi.Gen AutorunReg.a".

Any suggestion on a permanent solution to this infection would be appreciated. Below are the FRST logs from one of the affected machines running Win 7; this one is a virtual machine running under Hyper-V. Most machines we have are physical. I will use this virtual machine as my baseline for testing your cleanup procedures.

Tools we tried to eliminate the infection (none completely fixed it):

- Malwarebytes
- Kaspersky AV
- CCleaner
- Rkill
- HitmanPro
- MBAR (Malwarebytes)
- JRT (Malwarebytes)
- ComboFix (last resort)

Thanks,
-Timothy

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-08-2017
Ran by vanbibber-t (administrator) on CAC (07-08-2017 15:03:19)
Running from C:\
Loaded Profiles: vanbibber-t (Available Profiles: vanbibber-t & salazar-m & mcgettes-t & CAC & HBC)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\EagleClientProfilesService.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTaskService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTray.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoftLLC.)
HKLM\...\Run: [Eagle eConnect Tray Monitor] => C:\Program Files\Epicor\eConnect\eConnectTray.exe [28160 2016-10-12] (EpicorSoftwareCorporation)
HKLM\...\Run: [ECM Dashboard] => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe [10721280 2017-03-15] (SonicWallInc.)
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (PiriformLtd)
Startup: C:\Users\hbc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Listener.lnk [2017-04-28]
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe (Epicor Software Corporation)
Startup: C:\Users\hbc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Scheduler.lnk [2017-04-28]
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe (Epicor Software Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{BB852057-B039-47BF-8D0C-67FFD445374A}: [NameServer] 10.95.3.254,10.95.3.250,8.8.8.8
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} hxxp://software.sonicwall.com/applications/SEC/ClientSoftware/SWECMControlX.cab
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default [2017-05-26]
CHR Extension: (Docs) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CompassScheduler; C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe [189952 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
R2 EagleClientProfiles; C:\Program Files\Epicor\Analytics\Eagle\EagleClientProfilesService.exe [163840 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
S3 eConnect.ListenerService; C:\Program Files\Epicor\eConnect\eConnectListenerService.exe [17920 2016-10-12] (EpicorSoftwareCorporation) [File not signed]
R2 eConnect.TaskService; C:\Program Files\Epicor\eConnect\eConnectTaskService.exe [18944 2016-10-12] (EpicorSoftwareCorporation) [File not signed]
S3 Norris Tasks; C:\Program Files\Epicor\Analytics\Eagle\NorrisTaskService.exe [103424 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
R2 SEC; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe [970240 2017-03-15] (SonicWallInc.) [File not signed]
R2 SECAV; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe [2078272 2017-03-14] (SonicWallInc.)
R2 SECLOG; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe [318392 2017-03-15] (SonicWallInc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoftLLC.)
R2 vmicheartbeat; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmickvpexchange; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmicshutdown; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmictimesync; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmicvss; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (MicrosoftCorporation)
S2 1043912608; %SystemRoot%\17557976.exe [X]
S2 1095868546; %SystemRoot%\17164480.exe [X]
S2 1100468009; %SystemRoot%\18606552.exe [X]
S2 113468466; %SystemRoot%\11135448.exe [X]
S2 13536300; %SystemRoot%\37480920.exe [X]
S2 451453539; %SystemRoot%\23259608.exe [X]
S2 500480171; %SystemRoot%\25487536.exe [X]
S2 603153420; %SystemRoot%\20113880.exe [X]
S2 879951048; %SystemRoot%\25160152.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-13] (CMDTechnology,Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-08-25] (AOKasperskyLab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141136 2016-08-25] (AOKasperskyLab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-25] (AOKasperskyLab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [786256 2016-08-25] (AOKasperskyLab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [108888 2016-08-25] (AOKasperskyLab)
R3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (MicrosoftCorporation)
R3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (MicrosoftCorporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-07 15:00 - 2017-08-07 15:00 - 000000000 ____D C:\av utilities
2017-08-07 14:24 - 2017-08-07 15:03 - 000008977 _____ C:\FRST.txt
2017-08-07 14:24 - 2017-08-07 15:03 - 000000000 ____D C:\FRST
2017-08-07 14:23 - 2017-08-07 13:47 - 001778176 _____ (Farbar) C:\FRST.exe
2017-08-07 10:10 - 2017-08-07 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-07 10:10 - 2017-08-07 11:21 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 10:10 - 2017-08-07 10:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-07 10:09 - 2017-08-07 11:31 - 000000000 ____D C:\Users\mcgettes-t\Desktop\mbar
2017-08-07 10:09 - 2017-08-07 11:20 - 000094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-07 10:08 - 2017-08-07 09:50 - 016563352 _____ (Malwarebytes Corp.) C:\mbar-1.09.3.1001.exe
2017-08-03 08:41 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2017-08-03 08:41 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2017-08-03 08:41 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2017-08-03 08:39 - 2017-08-03 10:52 - 000000000 ____D C:\Qoobox
2017-08-03 08:39 - 2017-08-03 10:50 - 000000000 ____D C:\Windows\erdnt
2017-08-03 08:38 - 2017-08-03 07:54 - 005659660 ____R (Swearware) C:\ComboFix.exe
2017-07-26 15:29 - 2017-07-26 15:35 - 000000000 ____D C:\ProgramData\HitmanPro
2017-07-26 15:28 - 2017-07-26 15:27 - 011007936 _____ (SurfRight B.V.) C:\HitmanPro.exe
2017-07-26 09:29 - 2017-08-04 12:52 - 000069272 _____ C:\Users\mcgettes-t\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-26 09:29 - 2017-07-29 16:09 - 000000000 ____D C:\Users\mcgettes-t\AppData\Local\Google
2017-07-26 09:29 - 2017-07-26 15:28 - 000002201 _____ C:\Users\mcgettes-t\Desktop\Google Chrome.lnk
2017-07-26 09:29 - 2017-07-26 09:29 - 000002178 __RSH C:\Users\mcgettes-t\ntuser.pol
2017-07-26 09:29 - 2017-07-26 09:29 - 000001413 _____ C:\Users\mcgettes-t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 09:29 - 2017-07-26 09:29 - 000000020 ___SH C:\Users\mcgettes-t\ntuser.ini
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\Users\mcgettes-t\AppData\Roaming\Adobe
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\Users\mcgettes-t
2017-07-26 09:29 - 2011-04-11 21:24 - 000000000 ____D C:\Users\mcgettes-t\AppData\Roaming\Media Center Programs
2017-07-21 09:19 - 2017-07-21 09:19 - 000001606 _____ C:\Users\salazar-m\Desktop\Network Configuration.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000069680 _____ C:\Users\salazar-m\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-20 09:15 - 2017-07-20 09:15 - 000002201 _____ C:\Users\salazar-m\Desktop\Google Chrome.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000002178 __RSH C:\Users\salazar-m\ntuser.pol
2017-07-20 09:15 - 2017-07-20 09:15 - 000001413 _____ C:\Users\salazar-m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000000020 ___SH C:\Users\salazar-m\ntuser.ini
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m\AppData\Roaming\Adobe
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m\AppData\Local\Google
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m
2017-07-20 09:15 - 2011-04-11 21:24 - 000000000 ____D C:\Users\salazar-m\AppData\Roaming\Media Center Programs
2017-07-12 01:20 - 2017-06-29 22:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 01:20 - 2017-06-29 21:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 01:20 - 2017-06-29 21:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 01:20 - 2017-06-29 21:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 01:20 - 2017-06-29 21:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 01:20 - 2017-06-29 21:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 01:20 - 2017-06-29 21:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 01:20 - 2017-06-29 00:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 01:20 - 2017-06-29 00:35 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 01:20 - 2017-06-29 00:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 01:20 - 2017-06-29 00:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 01:20 - 2017-06-29 00:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 01:20 - 2017-06-29 00:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 01:20 - 2017-06-29 00:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 01:20 - 2017-06-29 00:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 01:20 - 2017-06-29 00:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 01:20 - 2017-06-29 00:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 01:20 - 2017-06-29 00:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 01:20 - 2017-06-29 00:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 01:20 - 2017-06-29 00:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 01:20 - 2017-06-29 00:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 01:20 - 2017-06-29 00:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 01:20 - 2017-06-29 00:13 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 01:20 - 2017-06-29 00:08 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 01:20 - 2017-06-29 00:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 01:20 - 2017-06-29 00:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 01:20 - 2017-06-29 00:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 01:20 - 2017-06-29 00:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 01:20 - 2017-06-28 23:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 01:20 - 2017-06-28 23:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 01:20 - 2017-06-28 23:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 01:20 - 2017-06-28 23:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 01:20 - 2017-06-28 23:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 01:20 - 2017-06-28 23:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 01:20 - 2017-06-28 23:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 01:20 - 2017-06-28 23:47 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 01:20 - 2017-06-28 23:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 01:20 - 2017-06-28 23:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 01:20 - 2017-06-28 23:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 01:20 - 2017-06-28 23:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 01:20 - 2017-06-28 23:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 01:20 - 2017-06-28 23:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 01:20 - 2017-06-22 09:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 01:20 - 2017-06-15 15:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 01:20 - 2017-06-12 17:32 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 01:20 - 2017-06-12 17:32 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 01:20 - 2017-06-12 17:32 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 01:20 - 2017-06-12 17:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 01:20 - 2017-06-12 17:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 01:20 - 2017-06-12 17:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 01:20 - 2017-06-12 17:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 01:20 - 2017-06-12 17:05 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 01:20 - 2017-06-12 17:05 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 01:20 - 2017-06-12 17:05 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 01:20 - 2017-06-12 17:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 01:20 - 2017-06-12 17:05 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 01:20 - 2017-06-12 17:05 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 01:20 - 2017-06-10 10:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 01:20 - 2017-06-09 10:17 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 01:20 - 2017-06-06 10:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 01:20 - 2017-05-29 23:39 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 01:20 - 2017-05-29 23:39 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 01:20 - 2017-05-29 23:39 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 01:20 - 2017-05-20 23:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 01:20 - 2017-05-16 10:16 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 01:20 - 2017-05-16 10:16 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 01:20 - 2017-05-16 10:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-11 23:31 - 2017-05-03 10:15 - 000081640 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-11 23:31 - 2017-05-03 10:10 - 000987648 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 001327616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000505856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000446464 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-11 23:31 - 2017-03-22 21:06 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-07 14:28 - 2009-07-13 23:34 - 000039680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-07 14:28 - 2009-07-13 23:34 - 000039680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-07 14:04 - 2017-04-28 15:22 - 000000152 _____ C:\Windows\system32\config\netlogon.ftl
2017-08-07 11:43 - 2010-11-20 16:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-07 11:43 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2017-08-07 11:39 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-03 19:27 - 2017-04-28 15:48 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 12:42 - 2017-05-26 13:46 - 000069272 _____ C:\Users\VanBibber-T\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-03 10:54 - 2009-07-13 23:33 - 000286296 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-03 10:49 - 2009-07-13 21:04 - 000000215 _____ C:\Windows\system.ini
2017-08-03 10:31 - 2009-07-13 21:03 - 045088768 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 011534336 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-03 08:40 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\Registration
2017-08-01 09:08 - 2017-04-28 15:36 - 000008296 __RSH C:\ProgramData\ntuser.pol
2017-07-31 09:24 - 2017-06-27 09:54 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-26 09:29 - 2009-07-13 23:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-21 09:18 - 2017-04-28 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle
2017-07-13 08:17 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
2017-07-13 01:02 - 2017-05-02 06:26 - 000000000 ____D C:\Windows\system32\MRT
2017-07-13 01:00 - 2017-05-02 06:26 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 01:15 - 2017-05-02 03:18 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-01 00:57
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-08-2017
Ran by vanbibber-t (07-08-2017 15:04:01)
Running from C:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-04-28 20:16:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3795392686-1027691241-4019915128-500 - Administrator - Disabled)
BeakService (S-1-5-21-3795392686-1027691241-4019915128-1001 - Limited - Enabled)
CAC (S-1-5-21-3795392686-1027691241-4019915128-1000 - Limited - Enabled) => C:\Users\hbc
Guest (S-1-5-21-3795392686-1027691241-4019915128-501 - Limited - Disabled)
HBC (S-1-5-21-3795392686-1027691241-4019915128-1002 - Limited - Enabled) => C:\Users\HBC.CAC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: SonicWall Enforced Client-AntiVirus (Enabled - Up to date) {8F284F92-0627-4F3F-515B-CFCC0C1DF38D}
AS: SonicWall Enforced Client-AntiSpyware (Enabled - Up to date) {3449AE76-201D-40B1-6BEB-F4BE779AB930}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Framework 4.0 Bootstrapper  26.0856.110 (HKLM\...\{1ad37d0d-4c57-4926-b20b-6059b2c6f0f0}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Eagle e4wDrivers 26.0856.110 (HKLM\...\{27C00D87-C36C-4C8D-8E41-7D6677DE2582}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Eagle e4wVB6AppsReg 26.0856.110 (HKLM\...\{C6395AD8-1564-4C7D-926A-94791A80AA17}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Eagle eConnect 03.0367.001 (HKLM\...\{D06149A4-52CF-4B01-BFD0-3A7F7A904E89}) (Version: 1.207.23833 - Epicor Software Corporation)
Eagle for Windows (HKLM\...\Eagle for Windows) (Version:  - Epicor Software Corporation)
Eagle MasterInstall 26.0856.110 (HKLM\...\{CD61F48C-4432-4E3F-B919-18B2A5E2EE87}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Epicor Compass (HKLM\...\{5E86BDAE-BEAB-4E26-BC3D-05EB5D053EC0}) (Version: 14.0.1880 - Epicor Software Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
LaserCat 3 (HKLM\...\{A97D30A2-E40D-4DFF-B9B8-AB7C25B25BE9}) (Version: 3.4.1.2B - CCITriad)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
SonicWALL Enforced Client (HKLM\...\{5A5187B5-5F34-4A32-8CAB-86E232E45E4D}) (Version: 1.9.52 - SonicWALL)
SonicWALL Enforced Client Kaspersky AV (HKLM\...\{A04119BF-4709-41EA-9947-4F5A999B332D}) (Version: 2.0.2 - SonicWALL)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll [2009-07-13] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers1: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers1: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\system32\EhStorShell.dll [2009-07-13] (MicrosoftCorporation)
ContextMenuHandlers2: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers3: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers4: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => C:\Program Files\Windows Sidebar\sbdrop.dll [2009-07-13] (MicrosoftCorporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers6: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1219F7F2-3093-48F7-920E-9D7EBFA9C29E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-13] (MicrosoftCorporation)
Task: {2890A467-F43F-4AEE-85A3-AE703AF50989} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {29064243-6313-4F35-9BD1-E65267AB7D4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-28] (GoogleInc.)
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2010-11-20] (MicrosoftCorporation)
Task: {32FBCD9D-CC9D-45A3-9821-09C59BEFCA4C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2017-05-03] (MicrosoftCorporation)
Task: {35AC60CC-DD20-4F56-9DC1-FBC0B82B4C84} - \{7A547248-872D-4534-AE65-06196D847B9E} -> No File <==== ATTENTION
Task: {46F2DE15-FF0E-434A-A382-DA1624B00759} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {523CEA57-701E-43C1-8350-675042D50C1B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {526F7BEE-33F0-4ED5-A612-ADDC42BD9307} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe [2010-11-20] (MicrosoftCorporation)
Task: {53E481B3-B4E7-48DC-AFC6-31C017551960} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {5A2F7011-F511-4541-A9A4-109CED3CF3F3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2010-11-20] (MicrosoftCorporation)
Task: {5DF43977-6A6B-4B7E-A146-59B0357D0334} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (PiriformLtd)
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2017-05-12] (MicrosoftCorporation)
Task: {60B15620-FEEB-41F7-9862-73C39E3A32A7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {645D309C-D299-419B-88EB-063DB2C581D2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\Windows\System32\powercfg.exe [2009-07-13] (MicrosoftCorporation)
Task: {70A8956F-3F87-41BB-B6D5-ACE8199C9EAE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {731E9C62-95B5-4C8C-AB64-4CC591C9FF5B} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2009-07-13] (MicrosoftCorporation)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-07-13] (MicrosoftCorporation)
Task: {83C003BE-83B4-4A85-9ED2-98E59FE2FB0E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {882053AD-06B6-440F-B5B2-64F2C951CF6D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {89DD175C-99B3-4CC0-BD70-8C8FC268DE59} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {8A5AB1C8-8CCB-4957-97D7-A8006FDB2D5E} - \{BB363C98-1C20-4DE6-AD4A-D9F32CE82BE0} -> No File <==== ATTENTION
Task: {99D72257-F664-4C13-A819-FD0CA9B1CEDF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {A2B1D23E-E467-4B95-B024-2618FC00AD0C} - System32\Tasks\{FB103ADA-6BB9-40E3-ACB2-682B31767B87} => C:\Users\HBC.CAC\AppData\Roaming\Microsoft\Bzezaridz\bzezarid.exe
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2010-11-20] (MicrosoftCorporation)
Task: {A927C4C6-8D3B-44D0-BBDE-28D85E513D6A} - \{8AAFD274-4A3C-4500-98DF-0108964C45C9} -> No File <==== ATTENTION
Task: {AC1552F3-D94C-4693-8EFA-D6FEEF2094D9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B3CC9132-D346-44DD-A44E-12C1FC72F3C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B71A9623-E2C7-4E84-B0BA-222FF13162A2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2009-07-13] (MicrosoftCorp.)
Task: {BC298592-3399-4C1F-BDC2-B4DB9AB5163B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {C90440A0-6D8F-423F-8F42-83EEF05CE708} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\Windows\system32\appidcertstorecheck.exe [2017-05-12] (MicrosoftCorporation)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (MicrosoftCorporation)
Task: {D50E00EA-3FA8-4718-9005-A2873E71C9C4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {DA584D85-54EC-4E99-9E84-CAE593EBD0EA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2016-03-23] (MicrosoftCorporation)
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2009-07-13] (MicrosoftCorporation)
Task: {E4F5CA62-93C0-40A9-B677-1EB527C6F1F8} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2009-07-13] (MicrosoftCorporation)
Task: {EFD15602-1256-41C7-A55D-6B231086653C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-28] (GoogleInc.)
Task: {F6850B69-7449-4C36-AEFF-DD8F9A269385} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2009-07-13] (MicrosoftCorporation)
Task: {FE4778B9-7B93-4000-B20C-7813897382EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2017-08-03 10:49 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.95.3.254 - 10.95.3.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{31EE9EAB-B71B-422A-BC4E-348D016C2597}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{15321A36-A24B-4008-A553-C0EFF4D1FB29}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{12DB80DF-ECEF-41A1-8E11-F54588B06430}] => (Allow) LPort=59152
FirewallRules: [{13B956C5-16E6-4FC1-96DD-B4A387722989}] => (Allow) LPort=59152
FirewallRules: [{26A84E41-8665-41BB-9DB4-B05BFDEA6877}] => (Allow) LPort=59152
FirewallRules: [{35A564AA-2BE5-4B51-8AE2-747E1C4CE9A6}] => (Allow) LPort=3389
FirewallRules: [{262EF2F6-11DC-4C67-8F3E-033925DD2BA2}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{CD5FAC2E-8D7B-4F9C-A34A-6D2A374611C0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6357956D-61CB-4CB3-8E8D-E51FDD2D19F7}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{E66789CA-14F5-49CF-9F43-45C2FBBA97DA}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{F6F39870-0F9B-4689-84FC-A42759D7A286}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{58110752-45AF-4501-9153-3922535DA3A0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{5FB70F3F-F998-4D64-B7F5-028F257FC1AC}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{46FAC6AC-F0F2-46AE-8B85-64D7A865BE48}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{E984F31A-C9BC-4402-9D08-ED15A39DBF22}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{43F0975C-ACA6-4185-88F6-EDA53C55E80B}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{5EEB1756-3470-4F5D-930F-3E5EEEE9D1A5}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B1EBAEF8-6231-44EF-8B49-9AFF177D6E4A}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{67925EDF-90D8-4909-9294-92776A159773}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{115FB18D-C2EC-476D-93AB-42F3632D96E0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{3D9F3B7D-C01F-492B-828A-4F1D0F0E5F7C}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{89BE475B-649C-48C4-8D7A-2078B3052246}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{FD067812-FA82-4481-8765-80B22AEB8104}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{A45112E0-DFEE-496C-ABB0-B21F37A5B035}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{EF53F8D6-5BAA-4C1D-A274-8F821EFC928D}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{DC5A310E-F9C7-4E0B-ADAA-0963994D321F}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{0D2C14AB-9351-4B81-90A9-580AA55D81CE}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6B4BD414-3F08-4384-994B-1E5283C3B0D5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
06-08-2017 00:00:01 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2017 11:40:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/07/2017 10:28:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 960501775 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 1016956259 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 519423284 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 444506784 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 710447491 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 1016842375 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 197405849 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/07/2017 01:20:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 684274751 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (08/07/2017 11:41:55 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BB852057-B039-47BF-8D0C-67FFD445374A}.
The backup browser is stopping.
 
Error: (08/07/2017 11:32:20 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"5"
Happened while starting this command:
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
 
Error: (08/07/2017 10:40:24 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BB852057-B039-47BF-8D0C-67FFD445374A}.
The backup browser is stopping.
 
Error: (08/06/2017 03:36:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 979145407 service to connect.
 
Error: (08/06/2017 03:35:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 979061073 service to connect.
 
Error: (08/06/2017 03:35:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 603299078 service to connect.
 
Error: (08/06/2017 03:35:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 481547489 service to connect.
 
Error: (08/06/2017 03:32:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 979034468 service to connect.
 
Error: (08/06/2017 03:32:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 922315382 service to connect.
 
Error: (08/06/2017 03:31:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 672417255 service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-29 10:55:52.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-29 10:28:41.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 16:00:46.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:55:21.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:46:40.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:36:02.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:12:14.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 13:54:49.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 13:46:46.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E7- 4870 @ 2.40GHz
Percentage of memory in use: 33%
Total physical RAM: 3967.55 MB
Available physical RAM: 2623.94 MB
Total Virtual: 7933.43 MB
Available Virtual: 6655.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.9 GB) (Free:20.13 GB) NTFS
Drive u: () (Network) (Total:500.66 GB) (Free:238 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 40 GB) (Disk ID: D400E35D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



 


#2 TsVk!
Posted 07 August 2017 - 03:44 PM

My name is John. I'll be helping you with your issue. :)

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.

These things are to make it easier for me to help you.

I've looked at your post and will respond as soon as possible with instructions.

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

John



#3 vanbibber

vanbibber
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:03 PM

Posted 07 August 2017 - 04:00 PM

Thanks John, I'll have my guys stay away from this particular machine and use it as a baseline until we have a solution, then write up a set of procedures so we can hit all of our other machines to eliminate the infection.

 

What I am seeing is that the particular virus keeps trying to copy .exe files to the Windows directory using random file names, typically numeric names, which Kaspersky does block, then it writes an *.exe key into the registry in the CurrentControlSet under the Services section for it to run. It continues to do this 50+ times a day.

 

-tim


Edited by vanbibber, 07 August 2017 - 04:13 PM.
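A read-only triage script for the pattern Tim describes (numeric-named services pointing at numeric .exe files in the Windows directory), added here as an example; it is not code from the thread, from FRST or from SonicWALL. It assumes the naming pattern from the post and from the Addition.txt log above (services named like 960501775, a scheduled task running from a user's AppData\Roaming folder, EnableLUA 0 and the Windows Firewall disabled), and is meant to be run from an elevated PowerShell on a suspect host to inventory what needs attention; it changes nothing on the machine.

```powershell
# Added triage script (not from the thread, FRST or SonicWALL). Report only:
# nothing is stopped, deleted or modified. Assumed pattern, taken from post #3
# and Addition.txt: services with all-numeric names whose ImagePath is a
# numeric-named .exe directly under C:\Windows, plus a scheduled task whose
# action runs from a user's AppData folder. Run elevated on a Windows 7 host.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Pull the executable out of an ImagePath value, which may be quoted and may
# carry arguments (e.g. "C:\dir\svc.exe" -k). Environment variables expanded first.
function Get-ServiceExecutable {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }
    # Unquoted: everything up to the first ".exe" (e.g. C:\Windows\960501775.exe -svc)
    if ($p -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $p
}

# Services whose name is all digits, or whose binary is <letter>:\Windows\<digits>.exe.
# FileMissing = $true usually means the AV already removed the dropped file but the
# service key (the persistence) is still there, which matches the re-drop loop described.
function Get-SuspiciousService {
    param([string]$Root = $ServicesKey)
    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $name  = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { return }   # skip entries with no image (return = next item)
        $exe = Get-ServiceExecutable -ImagePath ([string]$props.ImagePath)

        $numericName = $name -match '^\d+$'
        $numericExe  = $exe  -match '^[A-Za-z]:\\Windows\\\d+\.exe$'
        if (-not ($numericName -or $numericExe)) { return }

        if ($numericName -and $numericExe) { $reason = 'numeric service name and numeric exe in Windows root' }
        elseif ($numericName)              { $reason = 'numeric service name' }
        else                               { $reason = 'numeric exe in Windows root' }

        [pscustomobject]@{
            Service     = $name
            Executable  = $exe
            StartType   = $props.Start                       # 2 = auto, 3 = manual, 4 = disabled
            FileMissing = -not (Test-Path -LiteralPath $exe)
            Reason      = $reason
        }
    }
}

# Windows 7 has no Get-ScheduledTask cmdlet, so parse schtasks' verbose CSV output.
# Repeated header rows (one per task folder) are dropped by the TaskName filter.
function Get-AppDataScheduledTask {
    schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match '\\AppData\\' } |
        ForEach-Object {
            [pscustomobject]@{
                TaskName  = $_.TaskName
                TaskToRun = $_.'Task To Run'
                Status    = $_.Status
                RunAsUser = $_.'Run As User'
            }
        }
}

# Addition.txt shows UAC off (EnableLUA 0) and the firewall disabled; both make
# re-infection across the domain easier, so report them alongside. English
# netsh output is assumed for the ON/OFF match.
function Get-HardeningState {
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    $fw  = (netsh.exe advfirewall show allprofiles state 2>$null) -join ' '
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
        FirewallState              = ($fw -replace '\s+', ' ').Trim()
        AnyFirewallProfileOff      = [bool]($fw -match '\bOFF\b')
    }
}

'== Services with numeric names or a numeric .exe under C:\Windows =='
Get-SuspiciousService | Format-Table -AutoSize
'== Scheduled tasks whose action runs from a user AppData folder =='
Get-AppDataScheduledTask | Format-Table -AutoSize
'== UAC / firewall state =='
Get-HardeningState | Format-List
```

Pipe each section to Export-Csv with a per-host filename when running it across the fleet, so the service and task names collected from all machines can be compared before any fixlist is written.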


#4 vanbibber

Posted 07 August 2017 - 04:30 PM

Here is the Sonicwall Enforced AV Kaspersky log file for today, maybe there is some info in here you can utilize.
 
-tim
 
 
 
08/07/17:00:16:45  EC:2196 Debug Scheduler callback for client manager.
08/07/17:00:16:45  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:00:16:46  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:00:16:46  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:00:16:46  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:00:16:46  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:00:16:46  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:00:16:46  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:00:16:47  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:01:15:37  EC:2196 Debug Scheduler callback for policy manager.
08/07/17:01:15:37  EC:2196 Info Query policy manager 'http://eprs1.global.sonicwall.com/ws/ecm/policy'
08/07/17:01:15:37  EC:2196 Debug Response downloaded to buffer of size 5808
08/07/17:01:15:37  EC:2196 Debug Successfully parsed policy manager response buffer
08/07/17:01:15:37  EC:2196 Info Received policy 'Epicor Group Policy' from the policy server
08/07/17:01:15:37  VP:2208 Debug Policy has not changed - ignoring set policy call
08/07/17:01:15:37  EC:2196 Debug Policy manager will be queried again in 14400 seconds
08/07/17:01:16:47  EC:2196 Debug Scheduler callback for client manager.
08/07/17:01:16:47  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:01:16:48  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:01:16:48  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:01:16:48  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:01:16:48  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:01:16:48  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:01:16:48  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:01:16:48  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:01:31:52  VP:2408 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:01:31:52  VP:2408 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:01:31:52  VP:2408 Debug Successfully initialized Updater SDK modules with struct
08/07/17:01:31:53  VP:2408 Debug Successfully initialized Updater SDK modules
08/07/17:01:31:53  VP:2408 Info Starting Kaspersky AV DAT Update...
08/07/17:01:31:53  VP:2408 Debug Downloading latest Database update...
08/07/17:01:31:54  VP:3912 Info DataBase Reload Started
08/07/17:01:32:12  VP:2408 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:01:32:12  VP:2408 Info Kaspersky AV DAT Update successful.
08/07/17:01:32:12  VP:2408 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:01:32:12  VP:2408 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:01:32:12  VP:2408 Debug Resetting Kaspersky DAT update timer interval
08/07/17:01:32:12  VP:3912 Info DataBase Reload Finished
08/07/17:01:32:12  VP:2408 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:01:40:18  VP:2696 Info Detected:'Trojan' File:'C:\Windows\16771264.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:01:40:23  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:01:40:43  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:01:40:45  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1058672906\1058672906'
08/07/17:01:40:46  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\929240203\929240203'
08/07/17:01:40:48  VP:2696 Info Deleted:'C:\Windows\16771264.exe'
08/07/17:01:43:20  VP:2696 Info Detected:'Trojan' File:'C:\Windows\9038296.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:01:43:25  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:01:43:45  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:01:43:47  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1058765369\1058765369'
08/07/17:01:43:49  VP:2696 Info Deleted:'C:\Windows\9038296.exe'
08/07/17:01:46:27  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23194072.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:01:46:33  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:01:46:53  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:01:46:54  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\838565044\838565044'
08/07/17:01:46:55  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\979061073\979061073'
08/07/17:01:46:58  VP:2696 Info Deleted:'C:\Windows\23194072.exe'
08/07/17:01:47:21  VP:2696 Info Detected:'Trojan' File:'C:\Windows\9234904.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:01:47:21  VP:2696 Info Deleted:'C:\Windows\9234904.exe'
08/07/17:01:49:03  VP:2696 Info Detected:'Trojan' File:'C:\Windows\12380632.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:01:49:09  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:01:49:29  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:01:49:31  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\752648570\752648570'
08/07/17:01:49:33  VP:2696 Info Deleted:'C:\Windows\12380632.exe'
08/07/17:02:16:48  EC:2196 Debug Scheduler callback for client manager.
08/07/17:02:16:48  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:02:16:49  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:02:16:49  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:02:16:49  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:02:16:49  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:02:16:49  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:02:16:49  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:02:16:49  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:02:56:28  VP:2696 Info Detected:'Trojan' File:'C:\Windows\20113880.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:02:56:34  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:02:56:54  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:02:56:57  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\759043129\759043129'
08/07/17:02:57:00  VP:2696 Info Deleted:'C:\Windows\20113880.exe'
08/07/17:03:00:23  VP:2696 Info Detected:'Trojan' File:'C:\Windows\12511704.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:00:29  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:00:49  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:00:52  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\244150191\244150191'
08/07/17:03:00:54  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\614185467\614185467'
08/07/17:03:00:59  VP:2696 Info Deleted:'C:\Windows\12511704.exe'
08/07/17:03:14:23  VP:2696 Info Detected:'Trojan' File:'C:\Windows\10086872.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:14:31  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:14:51  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:14:54  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\566702897\566702897'
08/07/17:03:14:57  VP:2696 Info Deleted:'C:\Windows\10086872.exe'
08/07/17:03:16:49  EC:2196 Debug Scheduler callback for client manager.
08/07/17:03:16:49  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:03:16:50  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:03:16:50  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:03:16:50  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:03:16:50  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:03:16:50  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:03:16:50  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:03:16:50  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:03:17:39  VP:2696 Info Detected:'Trojan' File:'C:\Windows\9300440.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:17:47  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:18:07  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:18:10  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1007819904\1007819904'
08/07/17:03:18:12  VP:2696 Info Deleted:'C:\Windows\9300440.exe'
08/07/17:03:18:43  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23456216.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:18:43  VP:2696 Info Deleted:'C:\Windows\23456216.exe'
08/07/17:03:21:19  VP:2696 Info Detected:'Trojan' File:'C:\Windows\13101528.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:21:26  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:21:46  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:21:48  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\758184530\758184530'
08/07/17:03:21:51  VP:2696 Info Deleted:'C:\Windows\13101528.exe'
08/07/17:03:22:42  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23194072.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:22:42  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:23:02  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:23:05  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\760617428\760617428'
08/07/17:03:23:08  VP:2696 Info Deleted:'C:\Windows\23194072.exe'
08/07/17:03:24:19  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23325144.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:24:25  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:24:45  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:24:48  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1064825540\1064825540'
08/07/17:03:24:50  VP:2696 Info Deleted:'C:\Windows\23325144.exe'
08/07/17:03:32:12  VP:2408 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:03:32:12  VP:2408 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:03:32:12  VP:2408 Debug Successfully initialized Updater SDK modules with struct
08/07/17:03:32:12  VP:2408 Debug Successfully initialized Updater SDK modules
08/07/17:03:32:12  VP:2408 Info Starting Kaspersky AV DAT Update...
08/07/17:03:32:12  VP:2408 Debug Downloading latest Database update...
08/07/17:03:32:14  VP:3912 Info DataBase Reload Started
08/07/17:03:32:35  VP:2408 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:03:32:35  VP:2408 Info Kaspersky AV DAT Update successful.
08/07/17:03:32:35  VP:2408 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:03:32:35  VP:2408 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:03:32:35  VP:2408 Debug Resetting Kaspersky DAT update timer interval
08/07/17:03:32:35  VP:3912 Info DataBase Reload Finished
08/07/17:03:32:36  VP:2408 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:03:32:52  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23718360.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:32:59  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:33:19  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:33:22  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\492912927\492912927'
08/07/17:03:33:25  VP:2696 Info Deleted:'C:\Windows\23718360.exe'
08/07/17:03:37:50  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23456216.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:03:37:57  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:03:38:17  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:03:38:20  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\325288448\325288448'
08/07/17:03:38:22  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\844101941\844101941'
08/07/17:03:38:24  VP:2696 Info Deleted:'C:\Windows\23456216.exe'
08/07/17:04:16:50  EC:2196 Debug Scheduler callback for client manager.
08/07/17:04:16:51  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:04:16:51  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:04:16:51  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:04:16:51  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:04:16:51  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:04:16:51  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:04:16:51  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:04:16:52  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:05:15:37  EC:2196 Debug Scheduler callback for policy manager.
08/07/17:05:15:37  EC:2196 Info Query policy manager 'http://eprs1.global.sonicwall.com/ws/ecm/policy'
08/07/17:05:15:37  EC:2196 Debug Response downloaded to buffer of size 5808
08/07/17:05:15:37  EC:2196 Debug Successfully parsed policy manager response buffer
08/07/17:05:15:37  EC:2196 Info Received policy 'Epicor Group Policy' from the policy server
08/07/17:05:15:37  VP:2208 Debug Policy has not changed - ignoring set policy call
08/07/17:05:15:37  EC:2196 Debug Policy manager will be queried again in 14400 seconds
08/07/17:05:16:52  EC:2196 Debug Scheduler callback for client manager.
08/07/17:05:16:52  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:05:16:53  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:05:16:53  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:05:16:53  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:05:16:53  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:05:16:53  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:05:16:53  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:05:16:53  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:05:32:36  VP:2408 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:05:32:36  VP:2408 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:05:32:36  VP:2408 Debug Successfully initialized Updater SDK modules with struct
08/07/17:05:32:36  VP:2408 Debug Successfully initialized Updater SDK modules
08/07/17:05:32:36  VP:2408 Info Starting Kaspersky AV DAT Update...
08/07/17:05:32:36  VP:2408 Debug Downloading latest Database update...
08/07/17:05:32:38  VP:3912 Info DataBase Reload Started
08/07/17:05:33:28  VP:2408 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:05:33:28  VP:3912 Info DataBase Reload Finished
08/07/17:05:33:28  VP:2408 Info Kaspersky AV DAT Update successful.
08/07/17:05:33:28  VP:2408 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:05:33:28  VP:2408 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:05:33:28  VP:2408 Debug Resetting Kaspersky DAT update timer interval
08/07/17:05:33:28  VP:2408 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:06:16:53  EC:2196 Debug Scheduler callback for client manager.
08/07/17:06:16:53  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:06:16:54  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:06:16:54  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:06:16:54  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:06:16:54  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:06:16:54  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:06:16:54  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:06:16:54  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:07:11:58  VP:2696 Info Detected:'Trojan' File:'C:\Windows\25553368.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:07:12:05  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:07:12:25  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:07:12:27  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\478443459\478443459'
08/07/17:07:12:30  VP:2696 Info Deleted:'C:\Windows\25553368.exe'
08/07/17:07:16:55  EC:2196 Debug Scheduler callback for client manager.
08/07/17:07:16:55  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:07:16:55  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:07:16:55  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:07:16:55  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:07:16:55  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:07:16:55  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:07:16:55  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:07:16:56  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:07:33:28  VP:2408 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:07:33:28  VP:2408 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:07:33:28  VP:2408 Debug Successfully initialized Updater SDK modules with struct
08/07/17:07:33:28  VP:2408 Debug Successfully initialized Updater SDK modules
08/07/17:07:33:28  VP:2408 Info Starting Kaspersky AV DAT Update...
08/07/17:07:33:28  VP:2408 Debug Downloading latest Database update...
08/07/17:07:33:30  VP:3912 Info DataBase Reload Started
08/07/17:07:33:51  VP:2408 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:07:33:51  VP:2408 Info Kaspersky AV DAT Update successful.
08/07/17:07:33:51  VP:2408 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:07:33:51  VP:2408 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:07:33:51  VP:2408 Debug Resetting Kaspersky DAT update timer interval
08/07/17:07:33:51  VP:3912 Info DataBase Reload Finished
08/07/17:07:33:51  VP:2408 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:08:03:14  VP:2208 Debug Parsing Manual Scan Policy...
08/07/17:08:03:14  VP:2208 Warn Manual Scan: Heuristics is 'High'. Will use more computational resources. Recommended is 'Medium'
08/07/17:08:03:15  VP:4776 Info 'OnDemand' Scan Started for path(s): 'A:\|C:\|D:\' Configuration:'Packed:On MailBase:On MailPlain:On Archived:On AdvDisinfection:On Heuristic:Detail CleanMode:CleanDelete  TimeOut:5 minute ArcDepth:1 ArcMaxSize:0'
08/07/17:08:03:16  VP:4776 Debug Path:'A:\' does not exist.
08/07/17:08:16:56  EC:2196 Debug Scheduler callback for client manager.
08/07/17:08:16:56  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:08:16:58  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:08:16:58  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:08:16:58  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:08:16:58  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:08:16:58  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:08:16:58  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:08:16:58  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:08:45:20  VP:4776 Debug Path:'D:\' does not exist.
08/07/17:08:45:20  VP:4776 Info 'OnDemand' Scan finished successfully for 'A:\|C:\|D:\'.
08/07/17:09:06:23  VP:2696 Info Detected:'Trojan' File:'C:\Windows\21686744.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:09:06:31  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:09:06:51  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:09:06:54  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\436450564\436450564'
08/07/17:09:06:58  VP:2696 Info Deleted:'C:\Windows\21686744.exe'
08/07/17:09:10:00  VP:2696 Info Detected:'Trojan' File:'C:\Windows\16967872.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:09:10:06  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:09:10:26  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:09:10:29  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1085657171\1085657171'
08/07/17:09:10:33  VP:2696 Info Deleted:'C:\Windows\16967872.exe'
08/07/17:09:12:46  VP:2696 Info Detected:'Trojan' File:'C:\Windows\23259608.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:09:12:53  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:09:13:13  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:09:13:16  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1085681064\1085681064'
08/07/17:09:13:19  VP:2696 Info Deleted:'C:\Windows\23259608.exe'
08/07/17:09:15:01  VP:2696 Info Detected:'Trojan' File:'C:\Windows\13232600.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:09:15:09  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:09:15:29  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:09:15:32  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\865481176\865481176'
08/07/17:09:15:35  VP:2696 Info Deleted:'C:\Windows\13232600.exe'
08/07/17:09:15:38  EC:2196 Debug Scheduler callback for policy manager.
08/07/17:09:15:38  EC:2196 Info Query policy manager 'http://eprs1.global.sonicwall.com/ws/ecm/policy'
08/07/17:09:15:39  EC:2196 Debug Response downloaded to buffer of size 5808
08/07/17:09:15:39  EC:2196 Debug Successfully parsed policy manager response buffer
08/07/17:09:15:39  EC:2196 Info Received policy 'Epicor Group Policy' from the policy server
08/07/17:09:15:39  VP:2208 Debug Policy has not changed - ignoring set policy call
08/07/17:09:15:39  EC:2196 Debug Policy manager will be queried again in 14400 seconds
08/07/17:09:16:59  EC:2196 Debug Scheduler callback for client manager.
08/07/17:09:16:59  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:09:17:00  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:09:17:00  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:09:17:00  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:09:17:00  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:09:17:00  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:09:17:00  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:09:17:00  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:09:21:39  VP:2696 Info Detected:'Trojan' File:'C:\Windows\11463128.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:09:21:47  VP:2696 Info Advanced Disinfection procedure is required
08/07/17:09:22:07  VP:2696 Warn Advanced Disinfection procedure is cancelled.
08/07/17:09:22:10  VP:2696 Info Deleted:'HKLM\System\ControlSet001\Services\1086265428\1086265428'
08/07/17:09:22:15  VP:2696 Info Deleted:'C:\Windows\11463128.exe'
08/07/17:09:29:50  EC:2196 Debug Scheduler callback for report manager.
08/07/17:09:29:50  VP:2208 Debug Successfully initialized Updater SDK modules with struct
08/07/17:09:29:50  VP:2208 Debug Successfully initialized Updater SDK modules
08/07/17:09:29:50  VP:2208 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:09:29:50  VP:2208 Debug Got report from Kaspersky SDK Successfully.
08/07/17:09:29:50  EC:2196 Debug Successfully got report data from Kaspersky antivirus agent
08/07/17:09:29:50  EC:2196 Info Sending report to 'https://eprs1.global.sonicwall.com/ws/ecm/data'
08/07/17:09:29:51  EC:2196 Debug The report has been sent to the report manager.
08/07/17:09:29:51  EC:2196 Debug Next report will be sent in 86400 seconds
08/07/17:09:33:51  VP:2408 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:09:33:51  VP:2408 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:09:33:51  VP:2408 Debug Successfully initialized Updater SDK modules with struct
08/07/17:09:33:51  VP:2408 Debug Successfully initialized Updater SDK modules
08/07/17:09:33:51  VP:2408 Info Starting Kaspersky AV DAT Update...
08/07/17:09:33:51  VP:2408 Debug Downloading latest Database update...
08/07/17:09:33:52  VP:3912 Info DataBase Reload Started
08/07/17:09:34:27  VP:2408 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:09:34:27  VP:2408 Info Kaspersky AV DAT Update successful.
08/07/17:09:34:27  VP:2408 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:09:34:27  VP:2408 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:09:34:27  VP:2408 Debug Resetting Kaspersky DAT update timer interval
08/07/17:09:34:27  VP:3912 Info DataBase Reload Finished
08/07/17:09:34:27  VP:2408 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:10:17:01  EC:2196 Debug Scheduler callback for client manager.
08/07/17:10:17:01  EC:2196 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:10:17:03  EC:2196 Debug Response downloaded to buffer of size 1414
08/07/17:10:17:03  EC:2196 Debug Successfully parsed client manager response buffer
08/07/17:10:17:03  VP:2208 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:10:17:03  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:10:17:03  VP:2208 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:10:17:03  VP:2208 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:10:17:03  EC:2196 Debug Client manager will be queried again in 3600 seconds
08/07/17:10:26:21  EC:2076 Info Stopping the Enforced Client
08/07/17:10:26:21  EC:2076 Debug Stopping ping responder
08/07/17:10:26:21  EC:2076 Debug Unintilizing and Stopping Pinger and Firewall Threads
08/07/17:10:26:21  EC:2252 Debug Firewall monitor thread Finished
08/07/17:10:26:21  EC:2256 Debug Ping responder receive socket closed gracefully (1)
08/07/17:10:26:21  EC:2256 Debug Pinger thread (UTM listener) Finished
08/07/17:10:26:21  EC:2076 Debug Pinger and Firewall Threads Uninitialized and Stopped successfully
08/07/17:10:26:21  EC:2076 Debug Cleaning up ping responder
08/07/17:10:26:21  EC:2076 Debug Stopping scheduler
08/07/17:10:26:21  EC:2076 Debug Stopping SEC update
08/07/17:10:26:22  VP:2176 Debug Begin Kaspersky AV agent cleanup...
08/07/17:10:26:22  VP:2276 Debug WaitForInstallEvents thread: Shutdown Event Received
08/07/17:10:26:22  VP:2272 Debug EventsListener: Received 'SECAV Stop' Event.
08/07/17:10:26:27  VP:2176 Debug Stopping Kaspersky DAT update timer
08/07/17:10:26:27  VP:2176 Debug Timer Name:'AutoDATUpdate' Stopped successfully.
08/07/17:10:26:27  VP:2176 Debug 'PoP3 Monitor' Unloaded successfully
08/07/17:10:26:27  VP:2176 Debug 'WEB Monitor' Unloaded successfully
08/07/17:10:26:27  VP:2176 Debug 'File Monitor' Unloaded successfully
08/07/17:10:26:36  VP:2176 Info Kaspersky AV SDK UnInitialized Successfully
08/07/17:10:26:36  VP:2176 Debug Kaspersky AV SDK Entry points UnLoaded Successfully
08/07/17:10:26:36  VP:2176 Info Kaspersky Agent Stopped Successfully.
08/07/17:10:27:17  EC:2128 Info Starting the Enforced Client version 1.9.52
08/07/17:10:27:17  EC:2128 Info Read SEC ID 0017C5147EE4 from the registry
08/07/17:10:27:17  EC:2128 Info Read client manager URI https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo from the registry
08/07/17:10:27:17  EC:2128 Debug Initializing and Creating Pinger and Firewall Threads 
08/07/17:10:27:17  EC:2180 Debug Firewall monitor thread Started
08/07/17:10:27:17  EC:2128 Debug Pinger and Firewall Threads initialized and created successfully
08/07/17:10:27:17  EC:2184 Debug Pinger thread (UTM listener) Started
08/07/17:10:27:17  VP:2172 Debug Start SEC AV service..
08/07/17:10:27:17  VP:2172 Debug Reading encrypted license XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:10:27:17  VP:2172 Debug Begin Kaspersky AV Policy Initialization...
08/07/17:10:27:17  VP:2172 Debug Reading encrypted policy XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\policy.xml.enc'.
08/07/17:10:27:17  VP:2172 Debug Reading encrypted Kaspersky Updater settings XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\KAVSettings.xml.enc'.
08/07/17:10:27:17  VP:2172 Debug KAV Events database initialized successfully.
08/07/17:10:27:17  VP:2172 Debug Kaspersky Agent(2.0.2) is installed and licensed.
08/07/17:10:27:17  VP:2260 Debug KasperskyAvAgent::Run - Initializing DAT Updater SDK and applying policy for it.
08/07/17:10:27:17  VP:2260 Debug Begin Kaspersky AV DAT updater initialization ...
08/07/17:10:27:17  VP:2260 Debug GetSDKPath - SDK BASE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\BASES'.
08/07/17:10:27:17  VP:2260 Debug GetSDKPath - SDK TEMP:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\Temp'.
08/07/17:10:27:17  VP:2260 Debug GetSDKPath - UPDATER DSKM:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\DSKM'.
08/07/17:10:27:17  VP:2260 Debug Starting Kaspersky DAT update timer
08/07/17:10:27:18  VP:2260 Debug Timer Name:'AutoDATUpdate' created successfully.
08/07/17:10:27:18  VP:2260 Info Kaspersky DAT update timer started. Interval set to 900
08/07/17:10:27:18  VP:2260 Debug Apply settings for Kaspersky AV DAT update ... 
08/07/17:10:27:18  VP:2260 Debug Resetting Kaspersky DAT update timer interval
08/07/17:10:27:18  VP:2260 Debug Successfully Reset Auto DAT Update timer interval. New Interval:'7200'.
08/07/17:10:27:18  VP:2260 Debug Kaspersky AV DAT update settings applied successfully.
08/07/17:10:27:18  VP:2260 Debug Load Kaspersky AV SDK ...
08/07/17:10:27:18  VP:2268 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'TRUE' Force:'FALSE'.
08/07/17:10:27:18  VP:2260 Debug KAV Scans database initialized successfully.
08/07/17:10:27:18  VP:2260 Debug KAV Hashes database initialized successfully.
08/07/17:10:27:18  VP:2260 Debug KAV Events database initialized successfully.
08/07/17:10:27:18  VP:2260 Debug KAV In Progress database initialized successfully.
08/07/17:10:27:18  VP:2260 Debug GetSDKPath - SDK BIN:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:10:27:18  VP:2260 Debug GetSDKPath - SDK BASE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\BASES'.
08/07/17:10:27:18  VP:2260 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:10:27:18  VP:2260 Debug GetSDKPath - SDK TEMP:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\Temp'.
08/07/17:10:27:20  VP:2260 Debug Kaspersky AV SDK Entry points loaded Successfully
08/07/17:10:27:20  VP:2260 Debug Starting Kaspersky AV engine initialization...
08/07/17:10:27:22  EC:2160 Debug Scheduler callback for client manager.
08/07/17:10:27:22  EC:2160 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:10:27:24  EC:2160 Debug Response downloaded to buffer of size 1414
08/07/17:10:27:24  EC:2160 Debug Successfully parsed client manager response buffer
08/07/17:10:27:24  VP:2172 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:10:27:24  VP:2172 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:10:27:24  VP:2172 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:10:27:24  VP:2172 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:10:27:24  EC:2160 Debug Client manager will be queried again in 3600 seconds
08/07/17:10:27:24  EC:2160 Debug Scheduler callback for policy manager.
08/07/17:10:27:24  EC:2160 Info Query policy manager 'http://eprs1.global.sonicwall.com/ws/ecm/policy'
08/07/17:10:27:24  EC:2160 Debug Response downloaded to buffer of size 5808
08/07/17:10:27:24  EC:2160 Debug Successfully parsed policy manager response buffer
08/07/17:10:27:24  EC:2160 Info Received policy 'Epicor Group Policy' from the policy server
08/07/17:10:27:25  VP:2172 Debug Policy has not changed - ignoring set policy call
08/07/17:10:27:25  EC:2160 Debug Policy manager will be queried again in 14400 seconds
08/07/17:10:27:53  VP:2260 Debug Kaspersky AV engine initialized successfully
08/07/17:10:27:53  VP:2260 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe] to trusted list
08/07/17:10:27:53  VP:2260 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe] to trusted list
08/07/17:10:27:53  VP:2260 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe] to trusted list
08/07/17:10:27:53  VP:2260 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.EXE] to trusted list
08/07/17:10:27:53  VP:2260 Info KAV Version 8.7.0.69 is running.
08/07/17:10:27:53  VP:2260 Debug Apply policy now ...
08/07/17:10:27:53  VP:2260 Debug Parsing Mail Monitor Policy...
08/07/17:10:27:53  VP:2260 Debug Load PoP3 Monitor
08/07/17:10:27:53  VP:2260 Debug Applied Mail Monitor settings successfully.
08/07/17:10:27:53  VP:2260 Debug Parsing Web Policy...
08/07/17:10:27:53  VP:2260 Debug Load WEB Monitor
08/07/17:10:27:53  VP:2260 Debug Applied Web Monitor settings successfully.
08/07/17:10:27:53  VP:2260 Debug Parsing FileMonitor Policy...
08/07/17:10:27:53  VP:2260 Warn File Monitor heuristics is 'High'. Critical Performace degradation is possible. Recommended is 'Low'
08/07/17:10:27:53  VP:2260 Debug Load File Monitor
08/07/17:10:27:54  VP:2260 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') change is Pending.
08/07/17:10:27:54  VP:2260 Debug Applied File Monitor settings successfully.
08/07/17:10:27:54  VP:2260 Debug Adding Scheduled Scan UID:'EN13239977302257A6A20524153' Index:0
08/07/17:10:27:54  VP:2260 Debug Adding Scheduled Scan UID:'EN13239977302907A6A20524153' Index:1
08/07/17:10:27:54  VP:2260 Debug Apply policy is done
08/07/17:10:27:54  VP:2260 Info Kaspersky Virus Protection is Running.
08/07/17:10:29:54  VP:2768 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:10:42:20  EC:2160 Debug Scheduler callback for report manager.
08/07/17:10:42:20  VP:2172 Debug Successfully initialized Updater SDK modules with struct
08/07/17:10:42:20  VP:2172 Debug Successfully initialized Updater SDK modules
08/07/17:10:42:20  VP:2172 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:10:42:20  VP:2172 Debug Got report from Kaspersky SDK Successfully.
08/07/17:10:42:20  EC:2160 Debug Successfully got report data from Kaspersky antivirus agent
08/07/17:10:42:20  EC:2160 Info Sending report to 'https://eprs1.global.sonicwall.com/ws/ecm/data'
08/07/17:10:42:21  EC:2160 Debug The report has been sent to the report manager.
08/07/17:10:42:21  EC:2160 Debug Next report will be sent in 86400 seconds
08/07/17:11:23:42  VP:3848 Info Detected:'Trojan' File:'C:\Windows\22931928.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:24:02  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:24:04  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:24:12  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\9388686\9388686'
08/07/17:11:24:23  VP:3848 Info Deleted:'C:\Windows\22931928.exe'
08/07/17:11:26:50  VP:3848 Info Detected:'Trojan' File:'C:\Windows\18278872.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:27:10  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:27:24  EC:2160 Debug Scheduler callback for client manager.
08/07/17:11:27:24  EC:2160 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:11:27:25  EC:2160 Debug Response downloaded to buffer of size 1414
08/07/17:11:27:25  EC:2160 Debug Successfully parsed client manager response buffer
08/07/17:11:27:25  VP:2172 Debug Writing encrypted license XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:11:27:25  VP:2172 Debug KasperskyAvAgent::HandleNonExpiredLicense - Initializing DAT Updater SDK and applying policy for it.
08/07/17:11:27:25  VP:2172 Debug Begin Kaspersky AV DAT updater initialization ...
08/07/17:11:27:25  VP:2172 Debug GetSDKPath - SDK BASE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\BASES'.
08/07/17:11:27:25  VP:2172 Debug GetSDKPath - SDK TEMP:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\Temp'.
08/07/17:11:27:25  VP:2172 Debug GetSDKPath - UPDATER DSKM:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\DSKM'.
08/07/17:11:27:25  VP:2172 Debug Apply settings for Kaspersky AV DAT update ... 
08/07/17:11:27:25  VP:2172 Debug Kaspersky AV DAT update settings applied successfully.
08/07/17:11:27:25  VP:2172 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:11:27:25  VP:2172 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:11:27:25  VP:2172 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:11:27:25  EC:2160 Debug Client manager will be queried again in 3600 seconds
08/07/17:11:27:30  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:27:34  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\596251280\596251280'
08/07/17:11:27:44  VP:3848 Info Deleted:'C:\Windows\18278872.exe'
08/07/17:11:28:37  VP:3848 Info Detected:'Trojan' File:'C:\Windows\37480920.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:28:37  VP:3848 Info Deleted:'C:\Windows\37480920.exe'
08/07/17:11:31:31  VP:3848 Info Detected:'Trojan' File:'C:\Windows\20703704.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:31:44  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:31:51  VP:3848 Info Advanced Disinfection procedure is allowed.
08/07/17:11:31:52  VP:2644 Info Advanced disinfection Started.
08/07/17:11:31:55  VP:2644 Info Detected:'Trojan' File:'C:\Windows\20703704.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:31:58  VP:3848 Info Detected:'Trojan' File:'C:\Windows\11135448.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:31:58  VP:3848 Info Deleted:'C:\Windows\11135448.exe'
08/07/17:11:32:03  VP:2644 Info Deleted:'HKLM\System\ControlSet001\Services\1094005371\1094005371'
08/07/17:11:32:13  VP:2644 Info Deleted:'C:\Windows\20703704.exe'
08/07/17:11:32:17  VP:2644 Info Detected:'Trojan' File:'System Memory' Threat:'Trojan.Multi.GenAutorunReg.a' Severity:'High'
08/07/17:11:32:18  VP:2644 Info Disinfected:'System Memory'
08/07/17:11:33:33  VP:2644 Debug System Reboot is scheduled after 270 seconds Cause:To Clean infected files found in recent monitoring
08/07/17:11:33:33  VP:2644 Debug System Reboot: 'Required'. Reason: 'To Clean infected files found in recent monitoring' Rebootcountdown: 'Disabled'
08/07/17:11:38:03  VP:5016 Debug Reboot Scheduler Expired.
08/07/17:11:38:03  VP:5016 Debug Rebooting System.. Type:Required Cause:To Clean infected files found in recent monitoring
08/07/17:11:38:03  VP:5016 Debug Reboot Request Initiated successfully.
08/07/17:11:38:22  EC:2108 Info Stopping the Enforced Client
08/07/17:11:38:22  EC:2108 Debug Stopping ping responder
08/07/17:11:38:22  EC:2108 Debug Unintilizing and Stopping Pinger and Firewall Threads
08/07/17:11:38:22  EC:2180 Debug Firewall monitor thread Finished
08/07/17:11:38:22  EC:2184 Debug Ping responder receive socket closed gracefully (1)
08/07/17:11:38:22  EC:2184 Debug Pinger thread (UTM listener) Finished
08/07/17:11:38:22  EC:2108 Debug Pinger and Firewall Threads Uninitialized and Stopped successfully
08/07/17:11:38:22  EC:2108 Debug Cleaning up ping responder
08/07/17:11:38:22  EC:2108 Debug Stopping scheduler
08/07/17:11:38:22  EC:2108 Debug Stopping SEC update
08/07/17:11:38:22  EC:2108 Info The Enforced Client has been stopped
08/07/17:11:38:23  VP:2148 Debug Begin Kaspersky AV agent cleanup...
08/07/17:11:38:23  VP:2224 Debug EventsListener: Received 'SECAV Stop' Event.
08/07/17:11:38:23  VP:2228 Debug WaitForInstallEvents thread: Shutdown Event Received
08/07/17:11:38:28  VP:2148 Debug Stopping Kaspersky DAT update timer
08/07/17:11:38:28  VP:2148 Debug Timer Name:'AutoDATUpdate' Stopped successfully.
08/07/17:11:38:28  VP:2148 Debug 'PoP3 Monitor' Unloaded successfully
08/07/17:11:38:28  VP:2148 Debug 'WEB Monitor' Unloaded successfully
08/07/17:11:38:28  VP:2148 Debug 'File Monitor' Unloaded successfully
08/07/17:11:39:08  EC:2108 Info Starting the Enforced Client version 1.9.52
08/07/17:11:39:08  EC:2108 Info Read SEC ID 0017C5147EE4 from the registry
08/07/17:11:39:08  EC:2108 Info Read client manager URI https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo from the registry
08/07/17:11:39:08  EC:2108 Debug Initializing and Creating Pinger and Firewall Threads 
08/07/17:11:39:08  EC:2164 Debug Firewall monitor thread Started
08/07/17:11:39:08  EC:2108 Debug Pinger and Firewall Threads initialized and created successfully
08/07/17:11:39:08  EC:2168 Debug Pinger thread (UTM listener) Started
08/07/17:11:39:08  VP:2156 Debug Start SEC AV service..
08/07/17:11:39:08  VP:2156 Debug Reading encrypted license XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:11:39:08  VP:2156 Debug Begin Kaspersky AV Policy Initialization...
08/07/17:11:39:08  VP:2156 Debug Reading encrypted policy XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\policy.xml.enc'.
08/07/17:11:39:08  VP:2156 Debug Reading encrypted Kaspersky Updater settings XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\KAVSettings.xml.enc'.
08/07/17:11:39:08  VP:2156 Debug KAV Events database initialized successfully.
08/07/17:11:39:08  VP:2156 Debug Kaspersky Agent(2.0.2) is installed and licensed.
08/07/17:11:39:08  VP:2208 Debug KasperskyAvAgent::Run - Initializing DAT Updater SDK and applying policy for it.
08/07/17:11:39:08  VP:2208 Debug Begin Kaspersky AV DAT updater initialization ...
08/07/17:11:39:08  VP:2208 Debug GetSDKPath - SDK BASE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\BASES'.
08/07/17:11:39:08  VP:2208 Debug GetSDKPath - SDK TEMP:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\Temp'.
08/07/17:11:39:08  VP:2208 Debug GetSDKPath - UPDATER DSKM:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\DSKM'.
08/07/17:11:39:08  VP:2208 Debug Starting Kaspersky DAT update timer
08/07/17:11:39:09  VP:2208 Debug Timer Name:'AutoDATUpdate' created successfully.
08/07/17:11:39:09  VP:2208 Info Kaspersky DAT update timer started. Interval set to 900
08/07/17:11:39:09  VP:2208 Debug Apply settings for Kaspersky AV DAT update ... 
08/07/17:11:39:09  VP:2208 Debug Resetting Kaspersky DAT update timer interval
08/07/17:11:39:09  VP:2208 Debug Successfully Reset Auto DAT Update timer interval. New Interval:'7200'.
08/07/17:11:39:09  VP:2208 Debug Kaspersky AV DAT update settings applied successfully.
08/07/17:11:39:09  VP:2208 Debug Load Kaspersky AV SDK ...
08/07/17:11:39:09  VP:2212 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'TRUE' Force:'FALSE'.
08/07/17:11:39:09  VP:2208 Debug KAV Scans database initialized successfully.
08/07/17:11:39:09  VP:2208 Debug KAV Hashes database initialized successfully.
08/07/17:11:39:09  VP:2208 Debug KAV Events database initialized successfully.
08/07/17:11:39:09  VP:2208 Debug KAV In Progress database initialized successfully.
08/07/17:11:39:09  VP:2208 Debug GetSDKPath - SDK BIN:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:11:39:09  VP:2208 Debug GetSDKPath - SDK BASE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\BASES'.
08/07/17:11:39:09  VP:2208 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:11:39:09  VP:2208 Debug GetSDKPath - SDK TEMP:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\Temp'.
08/07/17:11:39:12  VP:2208 Debug Kaspersky AV SDK Entry points loaded Successfully
08/07/17:11:39:12  VP:2208 Debug Starting Kaspersky AV engine initialization...
08/07/17:11:39:13  EC:2144 Debug Scheduler callback for client manager.
08/07/17:11:39:13  EC:2144 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:11:39:13  EC:2144 Debug Response downloaded to buffer of size 1414
08/07/17:11:39:13  EC:2144 Debug Successfully parsed client manager response buffer
08/07/17:11:39:13  VP:2156 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:11:39:13  VP:2156 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:11:39:13  VP:2156 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:11:39:13  VP:2156 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:11:39:14  EC:2144 Debug Client manager will be queried again in 3600 seconds
08/07/17:11:39:14  EC:2144 Debug Scheduler callback for policy manager.
08/07/17:11:39:14  EC:2144 Info Query policy manager 'http://eprs1.global.sonicwall.com/ws/ecm/policy'
08/07/17:11:39:14  EC:2144 Debug Response downloaded to buffer of size 5808
08/07/17:11:39:14  EC:2144 Debug Successfully parsed policy manager response buffer
08/07/17:11:39:14  EC:2144 Info Received policy 'Epicor Group Policy' from the policy server
08/07/17:11:39:14  VP:2156 Debug Policy has not changed - ignoring set policy call
08/07/17:11:39:14  EC:2144 Debug Policy manager will be queried again in 14400 seconds
08/07/17:11:39:33  VP:2208 Debug Kaspersky AV engine initialized successfully
08/07/17:11:39:33  VP:2208 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe] to trusted list
08/07/17:11:39:33  VP:2208 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe] to trusted list
08/07/17:11:39:33  VP:2208 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe] to trusted list
08/07/17:11:39:33  VP:2208 Debug Added [C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.EXE] to trusted list
08/07/17:11:39:33  VP:2208 Info KAV Version 8.7.0.69 is running.
08/07/17:11:39:33  VP:2208 Debug Apply policy now ...
08/07/17:11:39:33  VP:2208 Debug Parsing Mail Monitor Policy...
08/07/17:11:39:33  VP:2208 Debug Load PoP3 Monitor
08/07/17:11:39:33  VP:2208 Debug Applied Mail Monitor settings successfully.
08/07/17:11:39:33  VP:2208 Debug Parsing Web Policy...
08/07/17:11:39:33  VP:2208 Debug Load WEB Monitor
08/07/17:11:39:33  VP:2208 Debug Applied Web Monitor settings successfully.
08/07/17:11:39:33  VP:2208 Debug Parsing FileMonitor Policy...
08/07/17:11:39:33  VP:2208 Warn File Monitor heuristics is 'High'. Critical Performace degradation is possible. Recommended is 'Low'
08/07/17:11:39:33  VP:2208 Debug Load File Monitor
08/07/17:11:39:33  VP:2208 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') change is Pending.
08/07/17:11:39:33  VP:2208 Debug Applied File Monitor settings successfully.
08/07/17:11:39:33  VP:2208 Debug Adding Scheduled Scan UID:'EN13239977302257A6A20524153' Index:0
08/07/17:11:39:33  VP:2208 Debug Adding Scheduled Scan UID:'EN13239977302907A6A20524153' Index:1
08/07/17:11:39:33  VP:2208 Debug Apply policy is done
08/07/17:11:39:33  VP:2208 Info Kaspersky Virus Protection is Running.
08/07/17:11:41:05  VP:3848 Info Detected:'Trojan' File:'C:\Windows\13035992.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:41:13  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:41:23  VP:1732 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:11:41:33  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:41:37  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\788171573\788171573'
08/07/17:11:41:41  VP:3848 Info Deleted:'C:\Windows\13035992.exe'
08/07/17:11:42:52  VP:3848 Info Detected:'Trojan' File:'C:\Windows\24308184.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:42:55  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:43:15  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:43:17  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\275501057\275501057'
08/07/17:11:43:21  VP:3848 Info Deleted:'C:\Windows\24308184.exe'
08/07/17:11:45:45  VP:3848 Info Detected:'Trojan' File:'C:\Windows\13167064.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:45:49  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:46:09  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:46:11  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\522490591\522490591'
08/07/17:11:46:14  VP:3848 Info Deleted:'C:\Windows\13167064.exe'
08/07/17:11:54:09  EC:2144 Debug Scheduler callback for report manager.
08/07/17:11:54:09  VP:2156 Debug Successfully initialized Updater SDK modules with struct
08/07/17:11:54:09  VP:2156 Debug Successfully initialized Updater SDK modules
08/07/17:11:54:09  VP:2156 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:11:54:09  VP:2156 Debug Got report from Kaspersky SDK Successfully.
08/07/17:11:54:09  EC:2144 Debug Successfully got report data from Kaspersky antivirus agent
08/07/17:11:54:09  EC:2144 Info Sending report to 'https://eprs1.global.sonicwall.com/ws/ecm/data'
08/07/17:11:54:10  EC:2144 Debug The report has been sent to the report manager.
08/07/17:11:54:10  EC:2144 Debug Next report will be sent in 86400 seconds
08/07/17:11:54:10  VP:2156 Debug Added 1 hashes to LMX
08/07/17:11:54:10  EC:2144 Debug Successfully got hashes data from Kaspersky antivirus agent
08/07/17:11:54:10  EC:2144 Info Sending hashes to 'https://soniclicense.global.sonicwall.com/ecm'
08/07/17:11:56:10  VP:3848 Info Detected:'Trojan' File:'C:\Windows\19851736.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:56:14  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:56:34  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:56:36  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\598011409\598011409'
08/07/17:11:56:39  VP:3848 Info Deleted:'C:\Windows\19851736.exe'
08/07/17:11:58:22  VP:3848 Info Detected:'Trojan' File:'C:\Windows\9300440.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:58:26  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:58:46  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:58:49  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1095670994\1095670994'
08/07/17:11:58:52  VP:3848 Info Deleted:'C:\Windows\9300440.exe'
08/07/17:11:58:54  VP:3848 Info Detected:'Trojan' File:'C:\Windows\11332056.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:58:54  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:59:14  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:59:16  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\875298506\875298506'
08/07/17:11:59:19  VP:3848 Info Deleted:'C:\Windows\11332056.exe'
08/07/17:11:59:22  VP:3848 Info Detected:'Trojan' File:'C:\Windows\18672088.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:11:59:22  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:11:59:42  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:11:59:44  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\446799671\446799671'
08/07/17:11:59:46  VP:3848 Info Deleted:'C:\Windows\18672088.exe'
08/07/17:12:00:12  VP:3848 Info Detected:'Trojan' File:'C:\Windows\17164480.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:12:00:12  VP:3848 Info Deleted:'C:\Windows\17164480.exe'
08/07/17:12:03:06  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12446168.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:12:03:09  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:12:03:29  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:12:03:32  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\276715088\276715088'
08/07/17:12:03:34  VP:3848 Info Deleted:'C:\Windows\12446168.exe'
08/07/17:12:39:16  EC:2144 Debug Scheduler callback for client manager.
08/07/17:12:39:16  EC:2144 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:12:39:17  EC:2144 Debug Response downloaded to buffer of size 1414
08/07/17:12:39:17  EC:2144 Debug Successfully parsed client manager response buffer
08/07/17:12:39:17  VP:2156 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:12:39:17  VP:2156 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:12:39:17  VP:2156 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:12:39:17  VP:2156 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:12:39:17  EC:2144 Debug Client manager will be queried again in 3600 seconds
08/07/17:13:13:08  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12839384.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:13:12  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:13:13:32  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:13:13:34  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1100103294\1100103294'
08/07/17:13:13:37  VP:3848 Info Deleted:'C:\Windows\12839384.exe'
08/07/17:13:14:58  VP:3848 Info Detected:'Trojan' File:'C:\Windows\6416576.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:15:02  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:13:15:22  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:13:15:25  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1100356046\1100356046'
08/07/17:13:15:27  VP:3848 Info Deleted:'C:\Windows\6416576.exe'
08/07/17:13:16:11  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25160152.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:16:11  VP:3848 Info Deleted:'C:\Windows\25160152.exe'
08/07/17:13:16:26  VP:3848 Info Detected:'Trojan' File:'C:\Windows\23259608.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:16:26  VP:3848 Info Deleted:'C:\Windows\23259608.exe'
08/07/17:13:17:46  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12839384.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:17:49  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:13:18:09  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:13:18:12  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\281195546\281195546'
08/07/17:13:18:14  VP:3848 Info Deleted:'C:\Windows\12839384.exe'
08/07/17:13:18:19  VP:3848 Info Detected:'Trojan' File:'C:\Windows\18606552.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:18:19  VP:3848 Info Deleted:'C:\Windows\18606552.exe'
08/07/17:13:18:45  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25487536.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:18:45  VP:3848 Info Deleted:'C:\Windows\25487536.exe'
08/07/17:13:19:10  VP:3848 Info Detected:'Trojan' File:'C:\Windows\17557976.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:19:10  VP:3848 Info Deleted:'C:\Windows\17557976.exe'
08/07/17:13:20:46  VP:3848 Info Detected:'Trojan' File:'C:\Windows\28961240.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:20:49  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:13:21:09  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:13:21:12  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\120007060\120007060'
08/07/17:13:21:14  VP:3848 Info Deleted:'C:\Windows\28961240.exe'
08/07/17:13:21:52  VP:3848 Info Detected:'Trojan' File:'C:\Windows\20113880.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:13:21:52  VP:3848 Info Deleted:'C:\Windows\20113880.exe'
08/07/17:13:39:09  VP:2212 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:13:39:09  VP:2212 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:13:39:09  VP:2212 Debug Successfully initialized Updater SDK modules with struct
08/07/17:13:39:09  VP:2212 Debug Successfully initialized Updater SDK modules
08/07/17:13:39:09  VP:2212 Info Starting Kaspersky AV DAT Update...
08/07/17:13:39:09  VP:2212 Debug Downloading latest Database update...
08/07/17:13:39:11  VP:3600 Info DataBase Reload Started
08/07/17:13:39:17  EC:2144 Debug Scheduler callback for client manager.
08/07/17:13:39:17  EC:2144 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:13:39:18  EC:2144 Debug Response downloaded to buffer of size 1414
08/07/17:13:39:18  EC:2144 Debug Successfully parsed client manager response buffer
08/07/17:13:39:18  VP:2156 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:13:39:18  VP:2156 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:13:39:18  VP:2156 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:13:39:18  VP:2156 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:13:39:18  EC:2144 Debug Client manager will be queried again in 3600 seconds
08/07/17:13:39:59  VP:2212 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:13:39:59  VP:3600 Info DataBase Reload Finished
08/07/17:13:39:59  VP:2212 Info Kaspersky AV DAT Update successful.
08/07/17:13:39:59  VP:2212 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:13:39:59  VP:2212 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:13:39:59  VP:2212 Debug Resetting Kaspersky DAT update timer interval
08/07/17:13:39:59  VP:2212 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:14:28:07  VP:3848 Info Detected:'Trojan' File:'C:\Windows\18934232.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:28:15  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:28:22  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:28:26  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\24305532\24305532'
08/07/17:14:28:31  VP:3848 Info Deleted:'C:\Windows\18934232.exe'
08/07/17:14:29:42  VP:3848 Info Detected:'Trojan' File:'C:\Windows\15985112.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:29:46  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:30:06  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:30:09  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\607223970\607223970'
08/07/17:14:30:12  VP:3848 Info Deleted:'C:\Windows\15985112.exe'
08/07/17:14:30:14  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25225408.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:30:14  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:30:34  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:30:36  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1104850140\1104850140'
08/07/17:14:30:39  VP:3848 Info Deleted:'C:\Windows\25225408.exe'
08/07/17:14:32:35  VP:3848 Info Detected:'Trojan' File:'C:\Windows\19589592.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:32:39  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:32:59  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:33:02  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\285684693\285684693'
08/07/17:14:33:04  VP:3848 Info Deleted:'C:\Windows\19589592.exe'
08/07/17:14:39:18  EC:2144 Debug Scheduler callback for client manager.
08/07/17:14:39:18  EC:2144 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:14:39:19  EC:2144 Debug Response downloaded to buffer of size 1414
08/07/17:14:39:19  EC:2144 Debug Successfully parsed client manager response buffer
08/07/17:14:39:19  VP:2156 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:14:39:19  VP:2156 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:14:39:19  VP:2156 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:14:39:19  VP:2156 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:14:39:19  EC:2144 Debug Client manager will be queried again in 3600 seconds
08/07/17:14:41:34  VP:3848 Info Detected:'Trojan' File:'C:\Windows\11856344.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:41:39  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:41:59  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:42:02  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\124855509\124855509'
08/07/17:14:42:04  VP:3848 Info Deleted:'C:\Windows\11856344.exe'
08/07/17:14:42:57  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25422000.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:42:57  VP:3848 Info Deleted:'C:\Windows\25422000.exe'
08/07/17:14:43:35  VP:3848 Info Detected:'Trojan' File:'C:\Windows\9497048.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:43:40  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:44:00  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:44:02  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1105584046\1105584046'
08/07/17:14:44:06  VP:3848 Info Deleted:'C:\Windows\9497048.exe'
08/07/17:14:46:37  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12315096.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:46:41  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:47:01  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:47:04  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\885376389\885376389'
08/07/17:14:47:07  VP:3848 Info Deleted:'C:\Windows\12315096.exe'
08/07/17:14:48:13  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12446168.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:48:19  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:48:39  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:48:42  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\10458915\10458915'
08/07/17:14:48:44  VP:3848 Info Deleted:'C:\Windows\12446168.exe'
08/07/17:14:51:43  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25422000.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:51:48  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:52:08  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:52:10  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\505534750\505534750'
08/07/17:14:52:11  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\506060046\506060046'
08/07/17:14:52:14  VP:3848 Info Deleted:'C:\Windows\25422000.exe'
08/07/17:14:53:37  VP:3848 Info Detected:'Trojan' File:'C:\Windows\10480088.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:53:42  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:54:02  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:54:04  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1049580810\1049580810'
08/07/17:14:54:07  VP:3848 Info Deleted:'C:\Windows\10480088.exe'
08/07/17:14:56:26  VP:3848 Info Detected:'Trojan' File:'C:\Windows\18278872.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:56:31  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:56:51  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:56:54  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\608828393\608828393'
08/07/17:14:56:58  VP:3848 Info Deleted:'C:\Windows\18278872.exe'
08/07/17:14:57:00  VP:3848 Info Detected:'Trojan' File:'C:\Windows\15853744.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:57:00  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:57:20  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:57:23  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\506369625\506369625'
08/07/17:14:57:27  VP:3848 Info Deleted:'C:\Windows\15853744.exe'
08/07/17:15:02:09  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25356480.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:15:02:17  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:15:02:22  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:15:02:27  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1106782703\1106782703'
08/07/17:15:02:32  VP:3848 Info Deleted:'C:\Windows\25356480.exe'
08/07/17:15:09:56  VP:3848 Info Detected:'Trojan' File:'C:\Windows\11921880.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:15:10:02  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:15:10:22  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:15:10:24  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\287924633\287924633'
08/07/17:15:10:26  VP:3848 Info Deleted:'C:\Windows\11921880.exe'
08/07/17:15:39:14  EC:2144 Debug Scheduler callback for policy manager.
08/07/17:15:39:14  EC:2144 Info Query policy manager 'http://eprs1.global.sonicwall.com/ws/ecm/policy'
08/07/17:15:39:14  EC:2144 Debug Response downloaded to buffer of size 5808
08/07/17:15:39:14  EC:2144 Debug Successfully parsed policy manager response buffer
08/07/17:15:39:14  EC:2144 Info Received policy 'Epicor Group Policy' from the policy server
08/07/17:15:39:15  VP:2156 Debug Policy has not changed - ignoring set policy call
08/07/17:15:39:15  EC:2144 Debug Policy manager will be queried again in 14400 seconds
08/07/17:15:39:20  EC:2144 Debug Scheduler callback for client manager.
08/07/17:15:39:20  EC:2144 Info Query client manager 'https://clientmanager.global.sonicwall.com/ecm/getClientLicenseInfo'
08/07/17:15:39:20  EC:2144 Debug Response downloaded to buffer of size 1414
08/07/17:15:39:20  EC:2144 Debug Successfully parsed client manager response buffer
08/07/17:15:39:20  VP:2156 Debug Writing encrypted license update XML file 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\license.xml.enc'.
08/07/17:15:39:20  VP:2156 Debug GetSDKPath - SDK LICENSE:'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN'.
08/07/17:15:39:20  VP:2156 Debug Extracting zipped files from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\\Services\Antivirus\Kaspersky\1254985A.zip' to 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN\'
08/07/17:15:39:20  VP:2156 Debug Removing old keys from 'C:\Program Files\SonicWALL\SonicWALL Enforced Client\Services\AntiVirus\Kaspersky\BIN' except  '1254985A.key'
08/07/17:15:39:21  EC:2144 Debug Client manager will be queried again in 3600 seconds
08/07/17:15:39:59  VP:2212 Debug Timer Name:'AutoDATUpdate' signaled. IntervalChanged:'FALSE' Force:'FALSE'.
08/07/17:15:39:59  VP:2212 Debug Loading Kaspersky DAT Updater SDK ...
08/07/17:15:39:59  VP:2212 Debug Successfully initialized Updater SDK modules with struct
08/07/17:15:39:59  VP:2212 Debug Successfully initialized Updater SDK modules
08/07/17:15:39:59  VP:2212 Info Starting Kaspersky AV DAT Update...
08/07/17:15:39:59  VP:2212 Debug Downloading latest Database update...
08/07/17:15:40:01  VP:3600 Info DataBase Reload Started
08/07/17:15:40:24  VP:2212 Debug Kaspersky Updater SDK: event 'update result' Received with code:'OK'
08/07/17:15:40:24  VP:2212 Info Kaspersky AV DAT Update successful.
08/07/17:15:40:24  VP:2212 Debug UnLoading Kaspersky DAT Updater SDK ...
08/07/17:15:40:24  VP:2212 Debug Successfully Unloaded Kaspersky Updater SDK
08/07/17:15:40:24  VP:2212 Debug Resetting Kaspersky DAT update timer interval
08/07/17:15:40:24  VP:3600 Info DataBase Reload Finished
08/07/17:15:40:24  VP:2212 Debug Windows Security Center status (OnAccess:'On' DAT:'Up To Date') set successfully.
08/07/17:15:50:11  VP:3848 Info Detected:'Trojan' File:'C:\Windows\11856344.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:15:50:17  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:15:50:37  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:15:50:40  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\537155138\537155138'
08/07/17:15:50:43  VP:3848 Info Deleted:'C:\Windows\11856344.exe'
08/07/17:15:51:33  VP:3848 Info Detected:'Trojan' File:'C:\Windows\9038296.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:15:51:33  VP:3848 Info Deleted:'C:\Windows\9038296.exe'
08/07/17:15:57:37  VP:3848 Info Detected:'Trojan' File:'C:\Windows\8251864.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:15:57:42  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:15:58:02  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:15:58:05  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\612498020\612498020'
08/07/17:15:58:08  VP:3848 Info Deleted:'C:\Windows\8251864.exe'
08/07/17:15:58:12  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25356464.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:15:58:12  VP:3848 Info Deleted:'C:\Windows\25356464.exe'
08/07/17:16:00:17  VP:3848 Info Detected:'Trojan' File:'C:\Windows\9038296.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:16:00:25  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:16:00:27  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:16:00:31  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1053579506\1053579506'
08/07/17:16:00:32  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1109660414\1109660414'
08/07/17:16:00:35  VP:3848 Info Deleted:'C:\Windows\9038296.exe'
08/07/17:16:00:46  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12642776.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:16:00:46  VP:3848 Info Deleted:'C:\Windows\12642776.exe'
08/07/17:16:02:06  VP:3848 Info Detected:'Trojan' File:'C:\Windows\23980504.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:16:02:10  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:16:02:30  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:16:02:33  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\1110241581\1110241581'
08/07/17:16:02:36  VP:3848 Info Deleted:'C:\Windows\23980504.exe'
08/07/17:16:07:25  VP:3848 Info Detected:'Trojan' File:'C:\Windows\12708312.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:16:07:30  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:16:07:50  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:16:07:52  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\30265925\30265925'
08/07/17:16:07:55  VP:3848 Info Deleted:'C:\Windows\12708312.exe'
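The SWEC log above shows the pattern that matters for containment: every few minutes a fresh all-digit C:\Windows\<digits>.exe is detected as HEUR:Trojan.Win32.Generic, the file and a numeric-named service key are deleted, and the "Advanced Disinfection" step (the one meant for an infection that is running, not just sitting on disk) is cancelled each time, after which the same or a new random name is back. The on-access scanner is cleaning up artifacts without ever removing whatever creates them. As an added example that is not part of the thread or of Kaspersky's or SonicWall's tooling, here is a small Python triage script that parses lines in this log's format and summarizes that cycle; the sample is an excerpt of the lines posted above, and the verdict labels and the 600-second re-drop threshold are my own choices, not vendor values.

```python
"""Triage a SonicWALL Enforced Client (Kaspersky engine) log for a re-dropping trojan.
Added example, not part of the thread or of either vendor's tooling."""
import re
from collections import Counter
from datetime import datetime

# Excerpt of the SWEC log posted above (raw string: the paths contain backslashes
# followed by digits). One EC line is kept to show non-detection events are ignored.
SAMPLE_LOG = r"""
08/07/17:14:28:07  VP:3848 Info Detected:'Trojan' File:'C:\Windows\18934232.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:28:15  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:28:22  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:28:26  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\24305532\24305532'
08/07/17:14:28:31  VP:3848 Info Deleted:'C:\Windows\18934232.exe'
08/07/17:14:29:42  VP:3848 Info Detected:'Trojan' File:'C:\Windows\15985112.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:29:46  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:30:06  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:30:09  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\607223970\607223970'
08/07/17:14:30:12  VP:3848 Info Deleted:'C:\Windows\15985112.exe'
08/07/17:14:39:18  EC:2144 Debug Scheduler callback for client manager.
08/07/17:14:42:57  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25422000.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:42:57  VP:3848 Info Deleted:'C:\Windows\25422000.exe'
08/07/17:14:51:43  VP:3848 Info Detected:'Trojan' File:'C:\Windows\25422000.exe' Threat:'HEUR:Trojan.Win32.Generic' Severity:'High'
08/07/17:14:51:48  VP:3848 Info Advanced Disinfection procedure is required
08/07/17:14:52:08  VP:3848 Warn Advanced Disinfection procedure is cancelled.
08/07/17:14:52:10  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\505534750\505534750'
08/07/17:14:52:11  VP:3848 Info Deleted:'HKLM\System\ControlSet001\Services\506060046\506060046'
08/07/17:14:52:14  VP:3848 Info Deleted:'C:\Windows\25422000.exe'
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d:\d\d:\d\d:\d\d)\s+(?P<comp>[A-Z]+):(?P<tid>\d+)\s+"
    r"(?P<level>\w+)\s+(?P<msg>.*)$"
)
DETECT_RE = re.compile(r"^Detected:'[^']*' File:'(?P<file>[^']*)' Threat:'(?P<threat>[^']*)'")
DELETE_RE = re.compile(r"^Deleted:'(?P<target>[^']*)'")
# Naming pattern seen in this log: an all-digit .exe dropped straight into C:\Windows,
# and a service key whose name and sub-key are the same digits.
RANDOM_EXE_RE = re.compile(r"^C:\\Windows\\\d+\.exe$", re.IGNORECASE)
NUMERIC_SVC_RE = re.compile(r"^HKLM\\System\\ControlSet\d+\\Services\\(\d+)\\\1$", re.IGNORECASE)
CANCELLED = "Advanced Disinfection procedure is cancelled"


def parse_line(line):
    """Return {'ts', 'comp', 'level', 'msg'} for one SWEC log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%m/%d/%y:%H:%M:%S"),
            "comp": m["comp"], "level": m["level"], "msg": m["msg"]}


def triage(log_text, redrop_threshold_s=600):
    """Summarize the detect -> delete -> re-detect cycle. redrop_threshold_s is an
    analyst-chosen cut-off (assumption, not a vendor value): detections closer together
    than this point to a live dropper rather than a stale file on disk."""
    detections, services, cancelled = [], [], 0
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if m := DETECT_RE.match(ev["msg"]):
            detections.append((ev["ts"], m["file"]))
        elif m := DELETE_RE.match(ev["msg"]):
            if NUMERIC_SVC_RE.match(m["target"]):
                services.append(m["target"])
        elif ev["level"] == "Warn" and CANCELLED in ev["msg"]:
            cancelled += 1

    files = Counter(f for _, f in detections)
    stamps = [ts for ts, _ in detections]
    gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
    summary = {
        "detections": len(detections),
        "distinct_files": len(files),
        "random_named_files": sum(1 for f in files if RANDOM_EXE_RE.match(f)),
        "redetected_files": sorted(f for f, n in files.items() if n > 1),
        "cancelled_disinfections": cancelled,
        "numeric_services_removed": len(services),
        "min_gap_seconds": min(gaps) if gaps else None,
        "window_seconds": int((stamps[-1] - stamps[0]).total_seconds()) if stamps else 0,
    }
    # The scanner keeps deleting artifacts but never the process that creates them:
    # the step meant for running infections is cancelled every time, and the same or
    # a fresh random name is back within minutes.
    live = bool(gaps) and summary["min_gap_seconds"] < redrop_threshold_s
    if cancelled and (live or summary["redetected_files"]):
        summary["verdict"] = "ACTIVE_DROPPER"
    else:
        summary["verdict"] = "ISOLATED_DETECTIONS" if detections else "CLEAN"
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key:>26}: {value}")
```

Run it against a full SWECLOG export rather than the excerpt to see how many distinct numeric names appeared and how short the shortest gap is; an ACTIVE_DROPPER verdict means the host needs the running parent found and stopped (the scheduled task and AppData executable the later posts identify are the kind of thing to look for), not another on-access deletion.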


#5 TsVk!

Posted 07 August 2017 - 04:41 PM

Could you please copy and paste your Addition.txt that was generated when you ran the FRST scan; it will be in the same directory as the executable.

Thanks



#6 vanbibber (Topic Starter)

Posted 07 August 2017 - 05:07 PM

Additions.txt is already pasted into the original posting

#7 TsVk!

Posted 07 August 2017 - 05:09 PM

Thanks. I will confer with my instructor and reply as soon as possible.

John



#8 TsVk!

Posted 10 August 2017 - 05:22 AM

Hi Tim,

Thanks for your patience. Let's get fixing.

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

CreateRestorePoint:
Task: {A927C4C6-8D3B-44D0-BBDE-28D85E513D6A} - \{8AAFD274-4A3C-4500-98DF-0108964C45C9} -> No File <==== ATTENTION
Task: {35AC60CC-DD20-4F56-9DC1-FBC0B82B4C84} - \{7A547248-872D-4534-AE65-06196D847B9E} -> No File <==== ATTENTION
Task: {8A5AB1C8-8CCB-4957-97D7-A8006FDB2D5E} - \{BB363C98-1C20-4DE6-AD4A-D9F32CE82BE0} -> No File <==== ATTENTION
Task: {A2B1D23E-E467-4B95-B024-2618FC00AD0C} - System32\Tasks\{FB103ADA-6BB9-40E3-ACB2-682B31767B87} => C:\Users\HBC.CAC\AppData\Roaming\Microsoft\Bzezaridz\bzezarid.exe
EmptyTemp:

If you use a Domain firewall policy on Windows Firewall, please add these lines and save the file again:

FirewallRules: [{262EF2F6-11DC-4C67-8F3E-033925DD2BA2}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{CD5FAC2E-8D7B-4F9C-A34A-6D2A374611C0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6357956D-61CB-4CB3-8E8D-E51FDD2D19F7}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{E66789CA-14F5-49CF-9F43-45C2FBBA97DA}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{F6F39870-0F9B-4689-84FC-A42759D7A286}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{58110752-45AF-4501-9153-3922535DA3A0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{5FB70F3F-F998-4D64-B7F5-028F257FC1AC}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{46FAC6AC-F0F2-46AE-8B85-64D7A865BE48}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{E984F31A-C9BC-4402-9D08-ED15A39DBF22}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{43F0975C-ACA6-4185-88F6-EDA53C55E80B}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{5EEB1756-3470-4F5D-930F-3E5EEEE9D1A5}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B1EBAEF8-6231-44EF-8B49-9AFF177D6E4A}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{67925EDF-90D8-4909-9294-92776A159773}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{115FB18D-C2EC-476D-93AB-42F3632D96E0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{3D9F3B7D-C01F-492B-828A-4F1D0F0E5F7C}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{89BE475B-649C-48C4-8D7A-2078B3052246}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{FD067812-FA82-4481-8765-80B22AEB8104}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{A45112E0-DFEE-496C-ABB0-B21F37A5B035}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{EF53F8D6-5BAA-4C1D-A274-8F821EFC928D}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{DC5A310E-F9C7-4E0B-ADAA-0963994D321F}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{0D2C14AB-9351-4B81-90A9-580AA55D81CE}] => (Allow) C:\Windows\explorer.exe

If you do not use RDP (only VNC), please add this line and save again:

FirewallRules: [{35A564AA-2BE5-4B51-8AE2-747E1C4CE9A6}] => (Allow) LPort=3389

  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

Next...

Unless you have a gateway proxy and Windows Firewall is deliberately disabled, please enable and start Windows Firewall from your services control panel. (Win key + R for the run dialogue, then enter services.msc)

Next...

The UAC settings have been disabled and software is installing without Administrator permission. To reset to the default settings, copy the following into a new text document:

Windows Registry Editor Version 5.00

; UAC policy values and what each one means on Windows 7:
;   ConsentPromptBehaviorAdmin 5 = prompt administrators for consent for non-Windows binaries
;   ConsentPromptBehaviorUser  3 = prompt standard users for credentials
;   EnableInstallerDetection   1 = detect application installers and request elevation for them
;   EnableLUA                  1 = UAC on (this one takes effect after a reboot)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001

Save the file as "reset_permissions.reg"

Double click the file and OK to add the information to the registry.

Please run Farbar Recovery Scan Tool again.

  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply

Please include in your reply

  • FRST fixlog
  • new FRST scan logs
  • how is the machine behaving now?

John


Edited by TsVk!, 10 August 2017 - 05:24 AM.
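The fixlist in the post above is built by copying suspicious lines verbatim out of FRST's own scan output: GUID-named scheduled tasks that point to No File or launch an executable from a user's AppData folder, twenty-one Windows Firewall rules allowing C:\Windows\explorer.exe (Explorer has no reason to accept inbound connections, so a pile of allow rules for it is something added behind the administrator's back), and an inbound allow for port 3389 on a host that uses VNC rather than RDP. As an added example that is not part of the thread and not FRST's own code, here is a Python script that applies those three selection rules to FRST-format lines and emits a fixlist in the same CreateRestorePoint:/EmptyTemp: layout. The selection rules are analyst heuristics; five of the sample lines are copied from the FRST output quoted above, while the GoogleUpdate task and the TightVNC firewall rule are constructed benign entries that the rules must leave alone.

```python
"""Select FRST scan-log lines for a fixlist using the indicators from the thread.
Added example: not FRST's code, and the selection rules are analyst heuristics."""
import re

# Constructed sample. Five lines are copied from the FRST output quoted above;
# the GoogleUpdate task and the TightVNC rule are made-up benign entries.
SAMPLE_FRST = r"""
Task: {A927C4C6-8D3B-44D0-BBDE-28D85E513D6A} - \{8AAFD274-4A3C-4500-98DF-0108964C45C9} -> No File <==== ATTENTION
Task: {A2B1D23E-E467-4B95-B024-2618FC00AD0C} - System32\Tasks\{FB103ADA-6BB9-40E3-ACB2-682B31767B87} => C:\Users\HBC.CAC\AppData\Roaming\Microsoft\Bzezaridz\bzezarid.exe
Task: {1D6C8B3A-5E2F-4C7B-9A01-3F4E5D6C7B8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
FirewallRules: [{262EF2F6-11DC-4C67-8F3E-033925DD2BA2}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{CD5FAC2E-8D7B-4F9C-A34A-6D2A374611C0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{7E0B2C4D-1A2B-4C3D-8E9F-0A1B2C3D4E5F}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{35A564AA-2BE5-4B51-8AE2-747E1C4CE9A6}] => (Allow) LPort=3389
"""

GUID = r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
# "Task: {id} - <path> -> No File" or "Task: {id} - <path> => <target>", with FRST's
# optional "<==== ATTENTION" marker at the end.
TASK_RE = re.compile(
    r"^Task: " + GUID + r" - (?P<path>.+?) (?:-> (?P<nofile>No File)|=> (?P<target>.+?))"
    r"(?: <==== ATTENTION)?$", re.IGNORECASE)
FW_RE = re.compile(r"^FirewallRules: \[" + GUID + r"\] => \((?P<action>\w+)\) (?P<rest>.+)$",
                   re.IGNORECASE)
GUID_NAME_RE = re.compile("^" + GUID + "$", re.IGNORECASE)


def classify_task(m):
    """Reason to remove a Task: line, or None if it looks legitimate."""
    if m["nofile"]:
        return "orphaned scheduled task (No File)"
    name = m["path"].rsplit("\\", 1)[-1]
    if GUID_NAME_RE.match(name) and "\\appdata\\" in m["target"].lower():
        return "GUID-named task launching an executable from a user's AppData"
    return None


def classify_firewall(m, rdp_in_use):
    """Reason to remove a FirewallRules: line, or None if it looks legitimate."""
    if m["action"].lower() != "allow":
        return None
    rest = m["rest"].strip()
    if rest.lower() == r"c:\windows\explorer.exe":
        return "allow rule for explorer.exe, which never needs inbound access"
    if rest.lower() == "lport=3389" and not rdp_in_use:
        return "inbound allow for port 3389 on a host that does not use RDP"
    return None


def build_fixlist(frst_text, rdp_in_use=True):
    """Return (fixlist_lines, reasons). Selected lines are copied verbatim, which is
    the form FRST expects, wrapped in the CreateRestorePoint:/EmptyTemp: directives."""
    selected, reasons = [], []
    for raw in frst_text.splitlines():
        line = raw.strip()
        reason = None
        if m := TASK_RE.match(line):
            reason = classify_task(m)
        elif m := FW_RE.match(line):
            reason = classify_firewall(m, rdp_in_use)
        if reason:
            selected.append(line)
            reasons.append(reason)
    return ["CreateRestorePoint:", *selected, "EmptyTemp:"], reasons


if __name__ == "__main__":
    fixlist, why = build_fixlist(SAMPLE_FRST, rdp_in_use=False)
    print("\n".join(fixlist))
    print("\n".join(f"# {r}" for r in why))
```

Feed it the whole FRST.txt and Addition.txt and review the reasons list before saving the output as fixlist.txt; the point of keeping the lines verbatim is that FRST only acts on entries that match what it reported itself, so a hand-edited line would simply be ignored.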


#9 vanbibber (Topic Starter)

Posted 10 August 2017 - 07:59 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-08-2017
Ran by vanbibber-t (10-08-2017 07:28:20) Run:1
Running from C:\
Loaded Profiles: vanbibber-t (Available Profiles: vanbibber-t & salazar-m & mcgettes-t & CAC & HBC)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Task: {A927C4C6-8D3B-44D0-BBDE-28D85E513D6A} - \{8AAFD274-4A3C-4500-98DF-0108964C45C9} -> No File <==== ATTENTION
Task: {35AC60CC-DD20-4F56-9DC1-FBC0B82B4C84} - \{7A547248-872D-4534-AE65-06196D847B9E} -> No File <==== ATTENTION
Task: {8A5AB1C8-8CCB-4957-97D7-A8006FDB2D5E} - \{BB363C98-1C20-4DE6-AD4A-D9F32CE82BE0} -> No File <==== ATTENTION
Task: {A2B1D23E-E467-4B95-B024-2618FC00AD0C} - System32\Tasks\{FB103ADA-6BB9-40E3-ACB2-682B31767B87} => C:\Users\HBC.CAC\AppData\Roaming\Microsoft\Bzezaridz\bzezarid.exe
FirewallRules: [{35A564AA-2BE5-4B51-8AE2-747E1C4CE9A6}] => (Allow) LPort=3389
FirewallRules: [{262EF2F6-11DC-4C67-8F3E-033925DD2BA2}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{CD5FAC2E-8D7B-4F9C-A34A-6D2A374611C0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6357956D-61CB-4CB3-8E8D-E51FDD2D19F7}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{E66789CA-14F5-49CF-9F43-45C2FBBA97DA}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{F6F39870-0F9B-4689-84FC-A42759D7A286}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{58110752-45AF-4501-9153-3922535DA3A0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{5FB70F3F-F998-4D64-B7F5-028F257FC1AC}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{46FAC6AC-F0F2-46AE-8B85-64D7A865BE48}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{E984F31A-C9BC-4402-9D08-ED15A39DBF22}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{43F0975C-ACA6-4185-88F6-EDA53C55E80B}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{5EEB1756-3470-4F5D-930F-3E5EEEE9D1A5}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B1EBAEF8-6231-44EF-8B49-9AFF177D6E4A}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{67925EDF-90D8-4909-9294-92776A159773}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{115FB18D-C2EC-476D-93AB-42F3632D96E0}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{3D9F3B7D-C01F-492B-828A-4F1D0F0E5F7C}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{89BE475B-649C-48C4-8D7A-2078B3052246}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{FD067812-FA82-4481-8765-80B22AEB8104}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{A45112E0-DFEE-496C-ABB0-B21F37A5B035}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{EF53F8D6-5BAA-4C1D-A274-8F821EFC928D}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{DC5A310E-F9C7-4E0B-ADAA-0963994D321F}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{0D2C14AB-9351-4B81-90A9-580AA55D81CE}] => (Allow) C:\Windows\explorer.exe
 
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A927C4C6-8D3B-44D0-BBDE-28D85E513D6A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A927C4C6-8D3B-44D0-BBDE-28D85E513D6A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8AAFD274-4A3C-4500-98DF-0108964C45C9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35AC60CC-DD20-4F56-9DC1-FBC0B82B4C84} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35AC60CC-DD20-4F56-9DC1-FBC0B82B4C84} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A547248-872D-4534-AE65-06196D847B9E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A5AB1C8-8CCB-4957-97D7-A8006FDB2D5E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A5AB1C8-8CCB-4957-97D7-A8006FDB2D5E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB363C98-1C20-4DE6-AD4A-D9F32CE82BE0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2B1D23E-E467-4B95-B024-2618FC00AD0C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2B1D23E-E467-4B95-B024-2618FC00AD0C} => key removed successfully.
C:\Windows\System32\Tasks\{FB103ADA-6BB9-40E3-ACB2-682B31767B87} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB103ADA-6BB9-40E3-ACB2-682B31767B87} => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35A564AA-2BE5-4B51-8AE2-747E1C4CE9A6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{262EF2F6-11DC-4C67-8F3E-033925DD2BA2} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD5FAC2E-8D7B-4F9C-A34A-6D2A374611C0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6357956D-61CB-4CB3-8E8D-E51FDD2D19F7} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E66789CA-14F5-49CF-9F43-45C2FBBA97DA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6F39870-0F9B-4689-84FC-A42759D7A286} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58110752-45AF-4501-9153-3922535DA3A0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FB70F3F-F998-4D64-B7F5-028F257FC1AC} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46FAC6AC-F0F2-46AE-8B85-64D7A865BE48} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E984F31A-C9BC-4402-9D08-ED15A39DBF22} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43F0975C-ACA6-4185-88F6-EDA53C55E80B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EEB1756-3470-4F5D-930F-3E5EEEE9D1A5} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1EBAEF8-6231-44EF-8B49-9AFF177D6E4A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67925EDF-90D8-4909-9294-92776A159773} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{115FB18D-C2EC-476D-93AB-42F3632D96E0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D9F3B7D-C01F-492B-828A-4F1D0F0E5F7C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89BE475B-649C-48C4-8D7A-2078B3052246} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD067812-FA82-4481-8765-80B22AEB8104} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A45112E0-DFEE-496C-ABB0-B21F37A5B035} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF53F8D6-5BAA-4C1D-A274-8F821EFC928D} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC5A310E-F9C7-4E0B-ADAA-0963994D321F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D2C14AB-9351-4B81-90A9-580AA55D81CE} => value removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5824650 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 18153628 B
Edge => 0 B
Chrome => 798381 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29554951 B
LocalService => 0 B
NetworkService => 66228 B
VanBibber-T => 2928981 B
salazar-m => 32198 B
mcgettes-t => 43119 B
hbc => 65314 B
HBC.CAC => 1322236 B
 
RecycleBin => 0 B
EmptyTemp: => 64.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:28:44 ====
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-08-2017
Ran by vanbibber-t (administrator) on CAC (10-08-2017 07:35:30)
Running from C:\
Loaded Profiles: vanbibber-t (Available Profiles: vanbibber-t & salazar-m & mcgettes-t & CAC & HBC)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\EagleClientProfilesService.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTaskService.exe
() C:\Windows\System32\storageshed.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTray.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoftLLC.)
HKLM\...\Run: [Eagle eConnect Tray Monitor] => C:\Program Files\Epicor\eConnect\eConnectTray.exe [28160 2016-10-12] (EpicorSoftwareCorporation)
HKLM\...\Run: [ECM Dashboard] => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe [10721280 2017-03-15] (SonicWallInc.)
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (PiriformLtd)
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Policies\system: [NoColorChoice] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Policies\system: [NoVisualStyleChoice] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Policies\Explorer: [NoThemesTab] 1
Startup: C:\Users\hbc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Listener.lnk [2017-04-28]
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe (Epicor Software Corporation)
Startup: C:\Users\hbc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Scheduler.lnk [2017-04-28]
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe (Epicor Software Corporation)
Startup: C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Listener.lnk [2017-08-08]
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe (Epicor Software Corporation)
Startup: C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Scheduler.lnk [2017-08-08]
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe (Epicor Software Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{BB852057-B039-47BF-8D0C-67FFD445374A}: [NameServer] 10.95.3.254,10.95.3.250,8.8.8.8
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} hxxp://software.sonicwall.com/applications/SEC/ClientSoftware/SWECMControlX.cab
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default [2017-08-10]
CHR Extension: (Docs) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CompassScheduler; C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe [189952 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
R2 EagleClientProfiles; C:\Program Files\Epicor\Analytics\Eagle\EagleClientProfilesService.exe [163840 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
S3 eConnect.ListenerService; C:\Program Files\Epicor\eConnect\eConnectListenerService.exe [17920 2016-10-12] (EpicorSoftwareCorporation) [File not signed]
R2 eConnect.TaskService; C:\Program Files\Epicor\eConnect\eConnectTaskService.exe [18944 2016-10-12] (EpicorSoftwareCorporation) [File not signed]
S3 Norris Tasks; C:\Program Files\Epicor\Analytics\Eagle\NorrisTaskService.exe [103424 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
R2 SEC; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe [970240 2017-03-15] (SonicWallInc.) [File not signed]
R2 SECAV; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe [2078272 2017-03-14] (SonicWallInc.)
R2 SECLOG; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe [318392 2017-03-15] (SonicWallInc.)
S2 storageshed; C:\Windows\system32\storageshed.exe [120320 2017-08-10] () [File not signed]
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoftLLC.)
R2 vmicheartbeat; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmickvpexchange; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmicshutdown; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmictimesync; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmicvss; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (MicrosoftCorporation)
S2 1031926723; %SystemRoot%\12380632.exe [X]
S2 1252881079; %SystemRoot%\9890264.exe [X]
S2 1275723962; %SystemRoot%\9234904.exe [X]
S2 1279936114; %SystemRoot%\9038296.exe [X]
S2 17742765; %SystemRoot%\15788224.exe [X]
S2 181101685; %SystemRoot%\24046040.exe [X]
S2 183803107; %SystemRoot%\19327448.exe [X]
S2 22361214; %SystemRoot%\22866392.exe [X]
S2 45778352; %SystemRoot%\9038296.exe [X]
S2 48480992; %SystemRoot%\19524056.exe [X]
S2 53196668; %SystemRoot%\22604248.exe [X]
S2 627153066; %SystemRoot%\21686744.exe [X]
S2 630167645; %SystemRoot%\22014424.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-13] (CMDTechnology,Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-08-25] (AOKasperskyLab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141136 2016-08-25] (AOKasperskyLab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-25] (AOKasperskyLab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [786256 2016-08-25] (AOKasperskyLab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [108888 2016-08-25] (AOKasperskyLab)
R3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (MicrosoftCorporation)
R3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (MicrosoftCorporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 07:32 - 2017-08-10 07:33 - 000000278 _____ C:\Users\VanBibber-T\Desktop\reset_permission.reg
2017-08-10 07:28 - 2017-08-10 07:28 - 000009151 _____ C:\Fixlog.txt
2017-08-10 04:55 - 2017-08-10 04:55 - 000120320 _____ C:\Windows\system32\storageshed.exe
2017-08-08 20:07 - 2017-07-29 09:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-08 20:07 - 2017-07-21 09:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
2017-08-08 20:07 - 2017-07-21 09:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
2017-08-08 20:07 - 2017-07-21 09:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
2017-08-08 20:07 - 2017-07-21 09:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
2017-08-08 20:07 - 2017-07-15 12:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-08 20:07 - 2017-07-14 10:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-08 20:07 - 2017-07-14 10:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-08 20:07 - 2017-07-14 09:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-08 20:07 - 2017-07-14 09:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-08 20:07 - 2017-07-14 09:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-08 20:07 - 2017-07-14 09:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-08 20:07 - 2017-07-13 22:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-08 20:07 - 2017-07-13 22:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-08 20:07 - 2017-07-13 21:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-08 20:07 - 2017-07-13 21:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-08 20:07 - 2017-07-13 21:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-08 20:07 - 2017-07-13 21:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-08 20:07 - 2017-07-13 21:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-08 20:07 - 2017-07-13 21:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-08 20:07 - 2017-07-13 21:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-08 20:07 - 2017-07-13 21:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-08 20:07 - 2017-07-13 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-08 20:07 - 2017-07-13 21:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-08 20:07 - 2017-07-13 21:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-08 20:07 - 2017-07-13 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-08 20:07 - 2017-07-13 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-08 20:07 - 2017-07-13 21:38 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-08 20:07 - 2017-07-13 21:33 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-08 20:07 - 2017-07-13 21:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-08 20:07 - 2017-07-13 21:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-08 20:07 - 2017-07-13 21:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-08 20:07 - 2017-07-13 21:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-08 20:07 - 2017-07-13 21:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-08 20:07 - 2017-07-13 21:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-08 20:07 - 2017-07-13 21:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-08 20:07 - 2017-07-13 21:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-08 20:07 - 2017-07-13 21:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-08 20:07 - 2017-07-13 21:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-08 20:07 - 2017-07-13 21:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-08 20:07 - 2017-07-13 21:12 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-08 20:07 - 2017-07-13 21:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-08 20:07 - 2017-07-13 21:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-08 20:07 - 2017-07-13 21:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-08 20:07 - 2017-07-13 20:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-08 20:07 - 2017-07-13 20:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-08 20:07 - 2017-07-13 20:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-08 20:07 - 2017-07-08 10:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-08 20:07 - 2017-07-08 09:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-08 20:07 - 2017-07-07 10:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-08-08 20:07 - 2017-07-07 10:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-08 20:07 - 2017-07-07 10:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-08 20:07 - 2017-07-07 10:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-08 20:07 - 2017-07-07 10:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-08 20:07 - 2017-07-07 10:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-08 20:07 - 2017-07-07 09:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-08 20:07 - 2017-07-07 09:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-08 20:07 - 2017-07-07 09:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-08 20:07 - 2017-07-07 09:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-08 20:07 - 2017-07-07 09:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-08 20:07 - 2017-07-07 09:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-08 20:07 - 2017-07-07 09:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-08 20:07 - 2017-07-07 09:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-08 20:07 - 2017-07-07 09:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-08 20:07 - 2017-07-07 09:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-08 20:07 - 2017-07-07 09:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-08 20:07 - 2017-07-07 09:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-08 20:07 - 2017-07-07 09:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
2017-08-08 08:51 - 2017-08-08 08:51 - 000001611 _____ C:\Users\Public\Desktop\Eagle Browser.lnk
2017-08-08 08:51 - 2017-08-08 08:51 - 000001591 _____ C:\Users\Public\Desktop\Point-of-Sale.lnk
2017-08-08 08:51 - 2017-08-08 08:51 - 000000000 ____D C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eagle Utilities
2017-08-08 08:51 - 2017-08-08 08:51 - 000000000 ____D C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eagle Offline
2017-08-07 15:04 - 2017-08-07 15:04 - 000031061 _____ C:\Addition.txt
2017-08-07 15:00 - 2017-08-07 15:00 - 000000000 ____D C:\av utilities
2017-08-07 14:24 - 2017-08-10 07:36 - 000009953 _____ C:\FRST.txt
2017-08-07 14:24 - 2017-08-10 07:35 - 000000000 ____D C:\FRST
2017-08-07 14:23 - 2017-08-07 13:47 - 001778176 _____ (Farbar) C:\FRST.exe
2017-08-07 10:10 - 2017-08-07 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-07 10:10 - 2017-08-07 11:21 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 10:10 - 2017-08-07 10:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-07 10:09 - 2017-08-07 11:31 - 000000000 ____D C:\Users\mcgettes-t\Desktop\mbar
2017-08-07 10:09 - 2017-08-07 11:20 - 000094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-07 10:08 - 2017-08-07 09:50 - 016563352 _____ (Malwarebytes Corp.) C:\mbar-1.09.3.1001.exe
2017-08-03 08:41 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2017-08-03 08:41 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2017-08-03 08:41 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2017-08-03 08:39 - 2017-08-03 10:52 - 000000000 ____D C:\Qoobox
2017-08-03 08:39 - 2017-08-03 10:50 - 000000000 ____D C:\Windows\erdnt
2017-08-03 08:38 - 2017-08-03 07:54 - 005659660 ____R (Swearware) C:\ComboFix.exe
2017-07-26 15:29 - 2017-07-26 15:35 - 000000000 ____D C:\ProgramData\HitmanPro
2017-07-26 15:28 - 2017-07-26 15:27 - 011007936 _____ (SurfRight B.V.) C:\HitmanPro.exe
2017-07-26 09:29 - 2017-08-08 14:04 - 000069680 _____ C:\Users\mcgettes-t\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-26 09:29 - 2017-08-08 14:04 - 000002358 __RSH C:\Users\mcgettes-t\ntuser.pol
2017-07-26 09:29 - 2017-08-08 14:04 - 000000000 ____D C:\Users\mcgettes-t
2017-07-26 09:29 - 2017-07-29 16:09 - 000000000 ____D C:\Users\mcgettes-t\AppData\Local\Google
2017-07-26 09:29 - 2017-07-26 15:28 - 000002201 _____ C:\Users\mcgettes-t\Desktop\Google Chrome.lnk
2017-07-26 09:29 - 2017-07-26 09:29 - 000001413 _____ C:\Users\mcgettes-t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 09:29 - 2017-07-26 09:29 - 000000020 ___SH C:\Users\mcgettes-t\ntuser.ini
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\Users\mcgettes-t\AppData\Roaming\Adobe
2017-07-26 09:29 - 2011-04-11 21:24 - 000000000 ____D C:\Users\mcgettes-t\AppData\Roaming\Media Center Programs
2017-07-21 09:19 - 2017-07-21 09:19 - 000001606 _____ C:\Users\salazar-m\Desktop\Network Configuration.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000069680 _____ C:\Users\salazar-m\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-20 09:15 - 2017-07-20 09:15 - 000002201 _____ C:\Users\salazar-m\Desktop\Google Chrome.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000002178 __RSH C:\Users\salazar-m\ntuser.pol
2017-07-20 09:15 - 2017-07-20 09:15 - 000001413 _____ C:\Users\salazar-m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000000020 ___SH C:\Users\salazar-m\ntuser.ini
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m\AppData\Roaming\Adobe
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m\AppData\Local\Google
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m
2017-07-20 09:15 - 2011-04-11 21:24 - 000000000 ____D C:\Users\salazar-m\AppData\Roaming\Media Center Programs
2017-07-12 01:20 - 2017-06-15 15:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 01:20 - 2017-06-12 17:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 01:20 - 2017-06-12 17:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 01:20 - 2017-06-12 17:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 01:20 - 2017-06-10 10:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 01:20 - 2017-06-09 10:17 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 01:20 - 2017-06-06 10:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 01:20 - 2017-05-29 23:39 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 01:20 - 2017-05-29 23:39 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 01:20 - 2017-05-29 23:39 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 01:20 - 2017-05-20 23:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 01:20 - 2017-05-16 10:16 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 01:20 - 2017-05-16 10:16 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 01:20 - 2017-05-16 10:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-11 23:31 - 2017-05-03 10:15 - 000081640 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-11 23:31 - 2017-05-03 10:10 - 000987648 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 001327616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000505856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000446464 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-11 23:31 - 2017-05-03 08:05 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-11 23:31 - 2017-03-22 21:06 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 07:35 - 2010-11-20 16:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-10 07:35 - 2009-07-13 23:34 - 000039680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-10 07:35 - 2009-07-13 23:34 - 000039680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-10 07:35 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2017-08-10 07:30 - 2017-05-26 13:46 - 000002358 __RSH C:\Users\VanBibber-T\ntuser.pol
2017-08-10 07:30 - 2017-05-26 13:46 - 000000000 ____D C:\Users\VanBibber-T
2017-08-10 07:29 - 2017-04-28 15:22 - 000000152 _____ C:\Windows\system32\config\netlogon.ftl
2017-08-10 07:29 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-09 12:48 - 2017-04-28 15:36 - 000008444 __RSH C:\ProgramData\ntuser.pol
2017-08-09 06:25 - 2017-05-26 13:46 - 000069680 _____ C:\Users\VanBibber-T\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-09 01:56 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
2017-08-09 01:19 - 2009-07-13 23:33 - 000287080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-09 01:03 - 2017-05-02 06:26 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 01:01 - 2017-05-02 06:26 - 137505280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-08 08:53 - 2017-04-28 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Utilities
2017-08-08 08:53 - 2017-04-28 15:23 - 000000000 ____D C:\3apps
2017-08-08 08:52 - 2017-04-28 15:28 - 000000000 ____D C:\aesServer
2017-08-08 08:51 - 2017-04-28 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle
2017-08-03 19:27 - 2017-04-28 15:48 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 10:49 - 2009-07-13 21:04 - 000000215 _____ C:\Windows\system.ini
2017-08-03 10:31 - 2009-07-13 21:03 - 045088768 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 011534336 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-03 08:40 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\Registration
2017-07-31 09:24 - 2017-06-27 09:54 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-26 09:29 - 2009-07-13 23:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-12 01:15 - 2017-05-02 03:18 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-01 00:57
 
==================== End of FRST.txt ============================


#10 TsVk!

    penguin farmer

  • Members
  • 6,236 posts
  • Gender:Male
  • Location:The Antipodes

Posted 10 August 2017 - 09:17 AM

And the new addition.txt too please.



#11 vanbibber
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Location:Texas

Posted 10 August 2017 - 10:07 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-08-2017
Ran by vanbibber-t (10-08-2017 07:37:05)
Running from C:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-04-28 20:16:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3795392686-1027691241-4019915128-500 - Administrator - Disabled)
BeakService (S-1-5-21-3795392686-1027691241-4019915128-1001 - Limited - Enabled)
CAC (S-1-5-21-3795392686-1027691241-4019915128-1000 - Limited - Enabled) => C:\Users\hbc
Guest (S-1-5-21-3795392686-1027691241-4019915128-501 - Limited - Disabled)
HBC (S-1-5-21-3795392686-1027691241-4019915128-1002 - Limited - Enabled) => C:\Users\HBC.CAC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: SonicWall Enforced Client-AntiVirus (Enabled - Up to date) {8F284F92-0627-4F3F-515B-CFCC0C1DF38D}
AS: SonicWall Enforced Client-AntiSpyware (Enabled - Up to date) {3449AE76-201D-40B1-6BEB-F4BE779AB930}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Framework 4.0 Bootstrapper  26.0856.110 (HKLM\...\{1ad37d0d-4c57-4926-b20b-6059b2c6f0f0}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Eagle e4wDrivers 26.0856.110 (HKLM\...\{27C00D87-C36C-4C8D-8E41-7D6677DE2582}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Eagle e4wVB6AppsReg 26.0856.110 (HKLM\...\{C6395AD8-1564-4C7D-926A-94791A80AA17}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Eagle eConnect 03.0367.001 (HKLM\...\{D06149A4-52CF-4B01-BFD0-3A7F7A904E89}) (Version: 1.207.23833 - Epicor Software Corporation)
Eagle for Windows (HKLM\...\Eagle for Windows) (Version:  - Epicor Software Corporation)
Eagle MasterInstall 26.0856.110 (HKLM\...\{CD61F48C-4432-4E3F-B919-18B2A5E2EE87}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Epicor Compass (HKLM\...\{5E86BDAE-BEAB-4E26-BC3D-05EB5D053EC0}) (Version: 14.0.1880 - Epicor Software Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
LaserCat 3 (HKLM\...\{A97D30A2-E40D-4DFF-B9B8-AB7C25B25BE9}) (Version: 3.4.1.2B - CCITriad)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
SonicWALL Enforced Client (HKLM\...\{5A5187B5-5F34-4A32-8CAB-86E232E45E4D}) (Version: 1.9.52 - SonicWALL)
SonicWALL Enforced Client Kaspersky AV (HKLM\...\{A04119BF-4709-41EA-9947-4F5A999B332D}) (Version: 2.0.2 - SonicWALL)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll [2009-07-13] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers1: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers1: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\system32\EhStorShell.dll [2009-07-13] (MicrosoftCorporation)
ContextMenuHandlers2: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers3: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers4: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => C:\Program Files\Windows Sidebar\sbdrop.dll [2009-07-13] (MicrosoftCorporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers6: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1219F7F2-3093-48F7-920E-9D7EBFA9C29E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-13] (MicrosoftCorporation)
Task: {2890A467-F43F-4AEE-85A3-AE703AF50989} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {29064243-6313-4F35-9BD1-E65267AB7D4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-28] (GoogleInc.)
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2010-11-20] (MicrosoftCorporation)
Task: {32FBCD9D-CC9D-45A3-9821-09C59BEFCA4C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2017-05-03] (MicrosoftCorporation)
Task: {46F2DE15-FF0E-434A-A382-DA1624B00759} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {523CEA57-701E-43C1-8350-675042D50C1B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {526F7BEE-33F0-4ED5-A612-ADDC42BD9307} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe [2010-11-20] (MicrosoftCorporation)
Task: {53E481B3-B4E7-48DC-AFC6-31C017551960} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {5A2F7011-F511-4541-A9A4-109CED3CF3F3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2010-11-20] (MicrosoftCorporation)
Task: {5DF43977-6A6B-4B7E-A146-59B0357D0334} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (PiriformLtd)
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2017-07-07] (MicrosoftCorporation)
Task: {60B15620-FEEB-41F7-9862-73C39E3A32A7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {645D309C-D299-419B-88EB-063DB2C581D2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\Windows\System32\powercfg.exe [2009-07-13] (MicrosoftCorporation)
Task: {70A8956F-3F87-41BB-B6D5-ACE8199C9EAE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {731E9C62-95B5-4C8C-AB64-4CC591C9FF5B} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2009-07-13] (MicrosoftCorporation)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-07-13] (MicrosoftCorporation)
Task: {83C003BE-83B4-4A85-9ED2-98E59FE2FB0E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {882053AD-06B6-440F-B5B2-64F2C951CF6D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {89DD175C-99B3-4CC0-BD70-8C8FC268DE59} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {99D72257-F664-4C13-A819-FD0CA9B1CEDF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2010-11-20] (MicrosoftCorporation)
Task: {AC1552F3-D94C-4693-8EFA-D6FEEF2094D9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B3CC9132-D346-44DD-A44E-12C1FC72F3C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B71A9623-E2C7-4E84-B0BA-222FF13162A2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2009-07-13] (MicrosoftCorp.)
Task: {BC298592-3399-4C1F-BDC2-B4DB9AB5163B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {C90440A0-6D8F-423F-8F42-83EEF05CE708} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\Windows\system32\appidcertstorecheck.exe [2017-07-07] (MicrosoftCorporation)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (MicrosoftCorporation)
Task: {D50E00EA-3FA8-4718-9005-A2873E71C9C4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {DA584D85-54EC-4E99-9E84-CAE593EBD0EA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2016-03-23] (MicrosoftCorporation)
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2017-07-14] (MicrosoftCorporation)
Task: {E4F5CA62-93C0-40A9-B677-1EB527C6F1F8} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2009-07-13] (MicrosoftCorporation)
Task: {EFD15602-1256-41C7-A55D-6B231086653C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-28] (GoogleInc.)
Task: {F6850B69-7449-4C36-AEFF-DD8F9A269385} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2009-07-13] (MicrosoftCorporation)
Task: {FE4778B9-7B93-4000-B20C-7813897382EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-10 04:55 - 2017-08-10 04:55 - 000120320 _____ () C:\Windows\system32\storageshed.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2017-08-03 10:49 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.95.3.254 - 10.95.3.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{31EE9EAB-B71B-422A-BC4E-348D016C2597}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{15321A36-A24B-4008-A553-C0EFF4D1FB29}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{12DB80DF-ECEF-41A1-8E11-F54588B06430}] => (Allow) LPort=59152
FirewallRules: [{13B956C5-16E6-4FC1-96DD-B4A387722989}] => (Allow) LPort=59152
FirewallRules: [{26A84E41-8665-41BB-9DB4-B05BFDEA6877}] => (Allow) LPort=59152
FirewallRules: [{6B4BD414-3F08-4384-994B-1E5283C3B0D5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-08-2017 01:00:12 Windows Update
10-08-2017 07:28:22 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2017 07:31:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e38
 
Start Time: 01d311d4708e005c
 
Termination Time: 47897
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: bddbd057-7dc7-11e7-a53d-00155d036402
 
Error: (08/10/2017 07:31:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/10/2017 07:28:21 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d10efd75-87d4-44bc-929b-bba9bab6c712}
 
Error: (08/09/2017 07:31:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/09/2017 06:35:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/09/2017 01:30:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/08/2017 06:43:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SetHosts.exe version 14.0.0.1880 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10a0
 
Start Time: 01d3103b3c6588b6
 
Termination Time: 0
 
Application Path: C:\Program Files\Epicor\Analytics\Eagle\SetHosts.exe
 
Report Id: b2b6a37f-7c2e-11e7-924b-00155d036402
 
Error: (08/08/2017 06:42:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompassSchedulerService.exe, version: 14.0.0.1880, time stamp: 0x575eeb07
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23775, time stamp: 0x58f4dbfb
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x748
Faulting application start time: 0x01d3103b2314e766
Faulting application path: C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ada30ecc-7c2e-11e7-924b-00155d036402
 
Error: (08/08/2017 06:42:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CompassSchedulerService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
   at Norris.CompassSchedulerService.Scheduler.SchedulerRunThread()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (08/08/2017 06:42:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (08/10/2017 07:29:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/10/2017 04:55:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/09/2017 11:25:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/09/2017 03:09:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/09/2017 03:09:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 1279936114 service to connect.
 
Error: (08/09/2017 03:03:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/09/2017 03:03:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 17742765 service to connect.
 
Error: (08/09/2017 02:57:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/09/2017 02:57:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 183803107 service to connect.
 
Error: (08/09/2017 02:54:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-29 10:55:52.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-29 10:28:41.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 16:00:46.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:55:21.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:46:40.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:36:02.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:12:14.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 13:54:49.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 13:46:46.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E7- 4870 @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 3967.55 MB
Available physical RAM: 2834.74 MB
Total Virtual: 7933.43 MB
Available Virtual: 6849.13 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.9 GB) (Free:19.82 GB) NTFS
Drive u: () (Network) (Total:500.66 GB) (Free:237.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 40 GB) (Disk ID: D400E35D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#12 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:03 PM

Posted 11 August 2017 - 02:17 AM

Hi Tim,

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

CreateRestorePoint:
S2 storageshed; C:\Windows\system32\storageshed.exe [120320 2017-08-10] () [File not signed]
C:\Windows\system32\storageshed.exe
S2 1031926723; %SystemRoot%\12380632.exe [X]
S2 1252881079; %SystemRoot%\9890264.exe [X]
S2 1275723962; %SystemRoot%\9234904.exe [X]
S2 1279936114; %SystemRoot%\9038296.exe [X]
S2 17742765; %SystemRoot%\15788224.exe [X]
S2 181101685; %SystemRoot%\24046040.exe [X]
S2 183803107; %SystemRoot%\19327448.exe [X]
S2 22361214; %SystemRoot%\22866392.exe [X]
S2 45778352; %SystemRoot%\9038296.exe [X]
S2 48480992; %SystemRoot%\19524056.exe [X]
S2 53196668; %SystemRoot%\22604248.exe [X]
S2 627153066; %SystemRoot%\21686744.exe [X]
S2 630167645; %SystemRoot%\22014424.exe [X]
Reg: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc /v Start /t REG_DWORD /d 0x2 /f
cmd: NetSh Advfirewall set allprofiles state on

  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

Please run Farbar Recovery Scan Tool again.

  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.

Please include in your reply

  • FRST fixlog
  • FRST scan log
  • FRST addition

Is the machine behaving correctly now?

John


Edited by TsVk!, 11 August 2017 - 02:18 AM.
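The fixlist above cleans one machine, while the thread describes 250+ hosts on which these services keep coming back. The following PowerShell script is an added example, written for this page; it is not TsVk!'s code, not part of FRST and not from BleepingComputer. It sweeps a list of hosts for the persistence pattern visible in the logs: services whose name and/or image file are nothing but digits under %SystemRoot%, the unsigned storageshed service in System32, orphaned service entries (shown as [X] by FRST), and a Windows Firewall service (MpsSvc) that has been switched off. It assumes WinRM is enabled on the targets and the caller is a local administrator there; $ComputerName is a placeholder for your own host list.

```powershell
# Added example (not from the thread, FRST or BleepingComputer): fleet-wide triage for the
# indicators that TsVk!'s fixlist removed from a single machine.
# Assumptions: WinRM reachable on the targets, caller is a local admin there,
# $ComputerName is a placeholder for your host list (empty = local machine only).
param(
    [string[]]$ComputerName = @()
)

$Triage = {
    $findings = @()
    # Get-WmiObject instead of Get-CimInstance so this also runs on Windows 7 / PowerShell 2.0
    foreach ($svc in Get-WmiObject -Class Win32_Service) {
        $reasons = @()
        # "S2 1279936114; ..." style entries: the service name is only digits
        if ($svc.Name -match '^\d+$') {
            $reasons += 'all-digit service name'
        }
        # "%SystemRoot%\9038296.exe" style image paths: all-digit executable in the Windows directory
        if ($svc.PathName -match '(?i)(%SystemRoot%|\\Windows)\\\d+\.exe') {
            $reasons += 'all-digit image name in the Windows directory'
        }
        # The unsigned service name reported in this thread's FRST log
        if ($svc.Name -eq 'storageshed') {
            $reasons += 'service name reported in the FRST log'
        }
        # Pull the executable out of the image path (surrounding quotes and arguments dropped)
        if ($svc.PathName -match '^\s*"?([^"]*?\.exe)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if (Test-Path -LiteralPath $exe) {
                # Only binaries inside the Windows tree are checked; that is where this family drops
                if ($exe -like "$env:SystemRoot\*") {
                    $sig = Get-AuthenticodeSignature -FilePath $exe
                    if ($sig.Status -ne 'Valid') {
                        $reasons += "binary under SystemRoot not validly signed ($($sig.Status))"
                    }
                }
            } else {
                $reasons += 'image file missing (orphaned service entry, FRST shows these as [X])'
            }
        }
        if ($reasons.Count -gt 0) {
            $findings += New-Object PSObject -Property @{
                Computer  = $env:COMPUTERNAME
                Service   = $svc.Name
                ImagePath = $svc.PathName
                StartMode = $svc.StartMode
                State     = $svc.State
                Reasons   = ($reasons -join '; ')
            }
        }
    }
    # Firewall tampering: Addition.txt reported "Windows Firewall is disabled" and the fixlist
    # set MpsSvc back to Start=2 (Automatic) and turned all profiles on again
    $mps = Get-WmiObject -Class Win32_Service -Filter "Name='MpsSvc'"
    $profiles = (netsh advfirewall show allprofiles state) -join "`n"
    if ($null -eq $mps -or $mps.StartMode -ne 'Auto' -or $mps.State -ne 'Running' -or $profiles -match 'State\s+OFF') {
        $findings += New-Object PSObject -Property @{
            Computer  = $env:COMPUTERNAME
            Service   = 'MpsSvc'
            ImagePath = $mps.PathName
            StartMode = $mps.StartMode
            State     = $mps.State
            Reasons   = 'Windows Firewall service not Auto/Running, or a profile is OFF'
        }
    }
    $findings
}

if ($ComputerName.Count -eq 0) {
    $results = & $Triage
} else {
    # Unreachable hosts are reported as errors but do not abort the sweep
    $results = Invoke-Command -ComputerName $ComputerName -ScriptBlock $Triage -ErrorAction Continue
}

$results | Sort-Object Computer, Service |
    Format-Table Computer, Service, StartMode, State, Reasons, ImagePath -AutoSize
```

Run it as `.\Triage-Services.ps1 -ComputerName (Get-Content hosts.txt)` from a management host; with no host list it inspects the local machine. Treat the signature column as a lead rather than a verdict: on older PowerShell versions Get-AuthenticodeSignature does not consult the Windows catalog, so catalog-signed Microsoft files in System32 can show as NotSigned, whereas the all-digit name and path patterns are specific to what the logs show. Hosts that keep reappearing in the output after the FRST fix are the ones to pull off the network and investigate for the component that recreates the services.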


#13 vanbibber

vanbibber
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:10:03 PM

Posted 11 August 2017 - 07:44 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-08-2017
Ran by vanbibber-t (11-08-2017 07:33:13) Run:2
Running from C:\
Loaded Profiles: vanbibber-t & mcgettes-t (Available Profiles: vanbibber-t & salazar-m & mcgettes-t & CAC & HBC)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
S2 storageshed; C:\Windows\system32\storageshed.exe [120320 2017-08-10] () [File not signed]
C:\Windows\system32\storageshed.exe
S2 1031926723; %SystemRoot%\12380632.exe [X]
S2 1252881079; %SystemRoot%\9890264.exe [X]
S2 1275723962; %SystemRoot%\9234904.exe [X]
S2 1279936114; %SystemRoot%\9038296.exe [X]
S2 17742765; %SystemRoot%\15788224.exe [X]
S2 181101685; %SystemRoot%\24046040.exe [X]
S2 183803107; %SystemRoot%\19327448.exe [X]
S2 22361214; %SystemRoot%\22866392.exe [X]
S2 45778352; %SystemRoot%\9038296.exe [X]
S2 48480992; %SystemRoot%\19524056.exe [X]
S2 53196668; %SystemRoot%\22604248.exe [X]
S2 627153066; %SystemRoot%\21686744.exe [X]
S2 630167645; %SystemRoot%\22014424.exe [X]
Reg: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc /v Start /t REG_DWORD /d 0x2 /f
cmd: NetSh Advfirewall set allprofiles state on
 
*****************
 
Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\storageshed => key removed successfully.
storageshed => service removed successfully.
C:\Windows\system32\storageshed.exe => moved successfully
1031926723 => service not found.
1252881079 => service not found.
1275723962 => service not found.
1279936114 => service not found.
17742765 => service not found.
181101685 => service not found.
183803107 => service not found.
22361214 => service not found.
45778352 => service not found.
48480992 => service not found.
53196668 => service not found.
627153066 => service not found.
630167645 => service not found.
 
========= reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc /v Start /t REG_DWORD /d 0x2 /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= NetSh Advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 07:33:29 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-08-2017
Ran by vanbibber-t (administrator) on CAC (11-08-2017 07:35:07)
Running from C:\
Loaded Profiles: vanbibber-t & mcgettes-t (Available Profiles: vanbibber-t & salazar-m & mcgettes-t & CAC & HBC)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\EagleClientProfilesService.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTaskService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe
(Epicor Software Corporation) C:\Program Files\Epicor\Analytics\Eagle\Conductor.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Epicor Software Corporation) C:\Program Files\Epicor\eConnect\eConnectTray.exe
(SonicWall Inc.) C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\FRST\Quarantine\C\Windows\System32\storageshed.exe.xBAD
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoftLLC.)
HKLM\...\Run: [Eagle eConnect Tray Monitor] => C:\Program Files\Epicor\eConnect\eConnectTray.exe [28160 2016-10-12] (EpicorSoftwareCorporation)
HKLM\...\Run: [ECM Dashboard] => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWDash.exe [10721280 2017-03-15] (SonicWallInc.)
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (PiriformLtd)
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Policies\system: [NoColorChoice] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Policies\system: [NoVisualStyleChoice] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\...\Policies\Explorer: [NoThemesTab] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1165\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (PiriformLtd)
HKU\S-1-5-21-3039522607-814947754-2739937932-1165\...\Policies\system: [NoColorChoice] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1165\...\Policies\system: [NoVisualStyleChoice] 1
HKU\S-1-5-21-3039522607-814947754-2739937932-1165\...\Policies\Explorer: [NoThemesTab] 1
Startup: C:\Users\hbc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Listener.lnk [2017-04-28]
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe (Epicor Software Corporation)
Startup: C:\Users\hbc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Scheduler.lnk [2017-04-28]
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe (Epicor Software Corporation)
Startup: C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Listener.lnk [2017-08-08]
ShortcutTarget: Eagle Listener.lnk -> C:\3apps\Catapult\3listen.exe (Epicor Software Corporation)
Startup: C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eagle Scheduler.lnk [2017-08-08]
ShortcutTarget: Eagle Scheduler.lnk -> C:\3apps\Catapult\Sched.exe (Epicor Software Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{BB852057-B039-47BF-8D0C-67FFD445374A}: [NameServer] 10.95.3.254,10.95.3.250,8.8.8.8
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3039522607-814947754-2739937932-1165\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} hxxp://software.sonicwall.com/applications/SEC/ClientSoftware/SWECMControlX.cab
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default [2017-08-10]
CHR Extension: (Docs) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-26]
CHR Extension: (No Name) - C:\Users\VanBibber-T\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 147195710; C:\Windows\25356760.exe [254976 2017-08-11] () [File not signed]
S2 36817827; C:\Windows\13035992.exe [254976 2017-08-11] () [File not signed]
S2 53363246; C:\Windows\27716056.exe [213504 2017-08-10] () [File not signed]
S2 62485607; C:\Windows\11135448.exe [254976 2017-08-11] () [File not signed]
R2 CompassScheduler; C:\Program Files\Epicor\Analytics\Eagle\CompassSchedulerService.exe [189952 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
R2 EagleClientProfiles; C:\Program Files\Epicor\Analytics\Eagle\EagleClientProfilesService.exe [163840 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
S3 eConnect.ListenerService; C:\Program Files\Epicor\eConnect\eConnectListenerService.exe [17920 2016-10-12] (EpicorSoftwareCorporation) [File not signed]
R2 eConnect.TaskService; C:\Program Files\Epicor\eConnect\eConnectTaskService.exe [18944 2016-10-12] (EpicorSoftwareCorporation) [File not signed]
S3 Norris Tasks; C:\Program Files\Epicor\Analytics\Eagle\NorrisTaskService.exe [103424 2016-06-13] (EpicorSoftwareCorporation) [File not signed]
R2 SEC; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWEC.exe [970240 2017-03-15] (SonicWallInc.) [File not signed]
R2 SECAV; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECAV.exe [2078272 2017-03-14] (SonicWallInc.)
R2 SECLOG; C:\Program Files\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe [318392 2017-03-15] (SonicWallInc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoftLLC.)
R2 vmicheartbeat; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmickvpexchange; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmicshutdown; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmictimesync; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
R2 vmicvss; C:\Windows\system32\vmicsvc.exe [215552 2010-11-20] (MicrosoftCorporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (MicrosoftCorporation)
S2 100361355; %SystemRoot%\12773848.exe [X]
S2 100652905; %SystemRoot%\22604248.exe [X]
S2 100679379; %SystemRoot%\11004376.exe [X]
S2 119008123; %SystemRoot%\36039128.exe [X]
S2 119359937; %SystemRoot%\23390680.exe [X]
S2 139888498; %SystemRoot%\37743064.exe [X]
S2 139898545; %SystemRoot%\16181720.exe [X]
S2 140023127; %SystemRoot%\20376024.exe [X]
S2 140238315; %SystemRoot%\37743064.exe [X]
S2 140364208; %SystemRoot%\29747672.exe [X]
S2 164750877; %SystemRoot%\24570328.exe [X]
S2 169134021; %SystemRoot%\23718360.exe [X]
S2 169556176; %SystemRoot%\28568024.exe [X]
S2 169915914; %SystemRoot%\9169368.exe [X]
S2 172271484; %SystemRoot%\30271888.exe [X]
S2 187085759; %SystemRoot%\24963544.exe [X]
S2 201250531; %SystemRoot%\22997392.exe [X]
S2 32737215; %SystemRoot%\24504792.exe [X]
S2 46180414; %SystemRoot%\19982808.exe [X]
S2 48710469; %SystemRoot%\9300440.exe [X]
S2 516728109; %SystemRoot%\24439440.exe [X]
S2 53188681; %SystemRoot%\11200984.exe [X]
S2 53698008; %SystemRoot%\20965848.exe [X]
S2 53914538; %SystemRoot%\39643608.exe [X]
S2 54359921; %SystemRoot%\24242648.exe [X]
S2 66123270; %SystemRoot%\14936536.exe [X]
S2 71252671; %SystemRoot%\9365976.exe [X]
S2 76848338; %SystemRoot%\26274264.exe [X]
S2 83015557; %SystemRoot%\25291224.exe [X]
S2 83068145; %SystemRoot%\12839384.exe [X]
S2 83135491; %SystemRoot%\10873304.exe [X]
S2 83150919; %SystemRoot%\12511704.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-13] (CMDTechnology,Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-08-25] (AOKasperskyLab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141136 2016-08-25] (AOKasperskyLab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-25] (AOKasperskyLab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [786256 2016-08-25] (AOKasperskyLab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [108888 2016-08-25] (AOKasperskyLab)
R3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (MicrosoftCorporation)
R3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (MicrosoftCorporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-11 00:25 - 2017-08-11 00:24 - 000254976 _____ C:\Windows\13035992.exe
2017-08-11 00:24 - 2017-08-11 00:23 - 000254976 _____ C:\Windows\25356760.exe
2017-08-11 00:24 - 2017-08-11 00:23 - 000254976 _____ C:\Windows\11135448.exe
2017-08-10 16:08 - 2017-08-10 16:06 - 000213504 _____ C:\Windows\27716056.exe
2017-08-10 13:40 - 2017-08-10 13:40 - 000000000 ____D C:\Users\mcgettes-t\AppData\Local\VirtualStore
2017-08-10 07:55 - 2017-08-10 07:55 - 000000000 ____D C:\Users\VanBibber-T\AppData\Local\VirtualStore
2017-08-10 07:32 - 2017-08-10 07:33 - 000000278 _____ C:\reset_permission.reg
2017-08-10 07:28 - 2017-08-11 07:33 - 000002270 _____ C:\Fixlog.txt
2017-08-08 20:07 - 2017-07-29 09:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-08 20:07 - 2017-07-21 09:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
2017-08-08 20:07 - 2017-07-21 09:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
2017-08-08 20:07 - 2017-07-21 09:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
2017-08-08 20:07 - 2017-07-21 09:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
2017-08-08 20:07 - 2017-07-15 12:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-08 20:07 - 2017-07-14 10:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-08 20:07 - 2017-07-14 10:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-08 20:07 - 2017-07-14 10:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-08 20:07 - 2017-07-14 09:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-08 20:07 - 2017-07-14 09:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-08 20:07 - 2017-07-14 09:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-08 20:07 - 2017-07-14 09:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-08 20:07 - 2017-07-13 22:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-08 20:07 - 2017-07-13 22:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-08 20:07 - 2017-07-13 21:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-08 20:07 - 2017-07-13 21:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-08 20:07 - 2017-07-13 21:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-08 20:07 - 2017-07-13 21:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-08 20:07 - 2017-07-13 21:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-08 20:07 - 2017-07-13 21:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-08 20:07 - 2017-07-13 21:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-08 20:07 - 2017-07-13 21:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-08 20:07 - 2017-07-13 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-08 20:07 - 2017-07-13 21:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-08 20:07 - 2017-07-13 21:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-08 20:07 - 2017-07-13 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-08 20:07 - 2017-07-13 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-08 20:07 - 2017-07-13 21:38 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-08 20:07 - 2017-07-13 21:33 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-08 20:07 - 2017-07-13 21:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-08 20:07 - 2017-07-13 21:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-08 20:07 - 2017-07-13 21:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-08 20:07 - 2017-07-13 21:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-08 20:07 - 2017-07-13 21:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-08 20:07 - 2017-07-13 21:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-08 20:07 - 2017-07-13 21:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-08 20:07 - 2017-07-13 21:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-08 20:07 - 2017-07-13 21:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-08 20:07 - 2017-07-13 21:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-08 20:07 - 2017-07-13 21:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-08 20:07 - 2017-07-13 21:12 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-08 20:07 - 2017-07-13 21:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-08 20:07 - 2017-07-13 21:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-08 20:07 - 2017-07-13 21:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-08 20:07 - 2017-07-13 20:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-08 20:07 - 2017-07-13 20:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-08 20:07 - 2017-07-13 20:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-08 20:07 - 2017-07-08 10:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-08 20:07 - 2017-07-08 09:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-08 20:07 - 2017-07-07 10:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-08-08 20:07 - 2017-07-07 10:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-08 20:07 - 2017-07-07 10:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-08 20:07 - 2017-07-07 10:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-08 20:07 - 2017-07-07 10:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-08 20:07 - 2017-07-07 10:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-08 20:07 - 2017-07-07 10:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-08 20:07 - 2017-07-07 10:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-08 20:07 - 2017-07-07 09:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-08 20:07 - 2017-07-07 09:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-08 20:07 - 2017-07-07 09:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-08 20:07 - 2017-07-07 09:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-08 20:07 - 2017-07-07 09:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-08 20:07 - 2017-07-07 09:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-08 20:07 - 2017-07-07 09:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-08 20:07 - 2017-07-07 09:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-08 20:07 - 2017-07-07 09:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-08 20:07 - 2017-07-07 09:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-08 20:07 - 2017-07-07 09:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-08 20:07 - 2017-07-07 09:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-08 20:07 - 2017-07-07 09:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-08-08 20:07 - 2017-07-01 08:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
2017-08-08 08:51 - 2017-08-08 08:51 - 000001611 _____ C:\Users\Public\Desktop\Eagle Browser.lnk
2017-08-08 08:51 - 2017-08-08 08:51 - 000001591 _____ C:\Users\Public\Desktop\Point-of-Sale.lnk
2017-08-08 08:51 - 2017-08-08 08:51 - 000000000 ____D C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eagle Utilities
2017-08-08 08:51 - 2017-08-08 08:51 - 000000000 ____D C:\Users\VanBibber-T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eagle Offline
2017-08-07 15:04 - 2017-08-10 07:37 - 000029717 _____ C:\Addition.txt
2017-08-07 15:00 - 2017-08-07 15:00 - 000000000 ____D C:\av utilities
2017-08-07 14:24 - 2017-08-11 07:35 - 000012019 _____ C:\FRST.txt
2017-08-07 14:24 - 2017-08-11 07:35 - 000000000 ____D C:\FRST
2017-08-07 14:23 - 2017-08-07 13:47 - 001778176 _____ (Farbar) C:\FRST.exe
2017-08-07 10:10 - 2017-08-07 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-07 10:10 - 2017-08-07 11:21 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 10:10 - 2017-08-07 10:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-07 10:09 - 2017-08-07 11:31 - 000000000 ____D C:\Users\mcgettes-t\Desktop\mbar
2017-08-07 10:09 - 2017-08-07 11:20 - 000094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-07 10:08 - 2017-08-07 09:50 - 016563352 _____ (Malwarebytes Corp.) C:\mbar-1.09.3.1001.exe
2017-08-03 08:41 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2017-08-03 08:41 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2017-08-03 08:41 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2017-08-03 08:41 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2017-08-03 08:39 - 2017-08-03 10:52 - 000000000 ____D C:\Qoobox
2017-08-03 08:39 - 2017-08-03 10:50 - 000000000 ____D C:\Windows\erdnt
2017-08-03 08:38 - 2017-08-03 07:54 - 005659660 ____R (Swearware) C:\ComboFix.exe
2017-07-26 15:29 - 2017-07-26 15:35 - 000000000 ____D C:\ProgramData\HitmanPro
2017-07-26 15:28 - 2017-07-26 15:27 - 011007936 _____ (SurfRight B.V.) C:\HitmanPro.exe
2017-07-26 09:29 - 2017-08-10 13:40 - 000002358 __RSH C:\Users\mcgettes-t\ntuser.pol
2017-07-26 09:29 - 2017-08-10 13:40 - 000000000 ____D C:\Users\mcgettes-t
2017-07-26 09:29 - 2017-08-08 14:04 - 000069680 _____ C:\Users\mcgettes-t\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-26 09:29 - 2017-07-29 16:09 - 000000000 ____D C:\Users\mcgettes-t\AppData\Local\Google
2017-07-26 09:29 - 2017-07-26 15:28 - 000002201 _____ C:\Users\mcgettes-t\Desktop\Google Chrome.lnk
2017-07-26 09:29 - 2017-07-26 09:29 - 000001413 _____ C:\Users\mcgettes-t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 09:29 - 2017-07-26 09:29 - 000000020 ___SH C:\Users\mcgettes-t\ntuser.ini
2017-07-26 09:29 - 2017-07-26 09:29 - 000000000 ____D C:\Users\mcgettes-t\AppData\Roaming\Adobe
2017-07-26 09:29 - 2011-04-11 21:24 - 000000000 ____D C:\Users\mcgettes-t\AppData\Roaming\Media Center Programs
2017-07-21 09:19 - 2017-07-21 09:19 - 000001606 _____ C:\Users\salazar-m\Desktop\Network Configuration.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000069680 _____ C:\Users\salazar-m\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-20 09:15 - 2017-07-20 09:15 - 000002201 _____ C:\Users\salazar-m\Desktop\Google Chrome.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000002178 __RSH C:\Users\salazar-m\ntuser.pol
2017-07-20 09:15 - 2017-07-20 09:15 - 000001413 _____ C:\Users\salazar-m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-20 09:15 - 2017-07-20 09:15 - 000000020 ___SH C:\Users\salazar-m\ntuser.ini
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m\AppData\Roaming\Adobe
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m\AppData\Local\Google
2017-07-20 09:15 - 2017-07-20 09:15 - 000000000 ____D C:\Users\salazar-m
2017-07-20 09:15 - 2011-04-11 21:24 - 000000000 ____D C:\Users\salazar-m\AppData\Roaming\Media Center Programs
2017-07-12 01:20 - 2017-06-15 15:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 01:20 - 2017-06-12 17:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 01:20 - 2017-06-12 17:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 01:20 - 2017-06-12 17:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 01:20 - 2017-06-12 17:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 01:20 - 2017-06-12 17:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 01:20 - 2017-06-10 10:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 01:20 - 2017-06-09 10:17 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 01:20 - 2017-06-06 10:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 01:20 - 2017-05-29 23:39 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 01:20 - 2017-05-29 23:39 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 01:20 - 2017-05-29 23:39 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 01:20 - 2017-05-20 23:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 01:20 - 2017-05-16 10:16 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 01:20 - 2017-05-16 10:16 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 01:20 - 2017-05-16 10:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-11 07:35 - 2017-04-28 15:22 - 000000152 _____ C:\Windows\system32\config\netlogon.ftl
2017-08-11 04:39 - 2009-07-13 23:34 - 000039680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-11 04:39 - 2009-07-13 23:34 - 000039680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-10 16:41 - 2017-04-28 15:36 - 000008618 __RSH C:\ProgramData\ntuser.pol
2017-08-10 08:01 - 2010-11-20 16:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-10 08:01 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2017-08-10 07:55 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-10 07:30 - 2017-05-26 13:46 - 000002358 __RSH C:\Users\VanBibber-T\ntuser.pol
2017-08-10 07:30 - 2017-05-26 13:46 - 000000000 ____D C:\Users\VanBibber-T
2017-08-09 06:25 - 2017-05-26 13:46 - 000069680 _____ C:\Users\VanBibber-T\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-09 01:56 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
2017-08-09 01:19 - 2009-07-13 23:33 - 000287080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-09 01:03 - 2017-05-02 06:26 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 01:01 - 2017-05-02 06:26 - 137505280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-08 08:53 - 2017-04-28 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Utilities
2017-08-08 08:53 - 2017-04-28 15:23 - 000000000 ____D C:\3apps
2017-08-08 08:52 - 2017-04-28 15:28 - 000000000 ____D C:\aesServer
2017-08-08 08:51 - 2017-04-28 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle
2017-08-03 19:27 - 2017-04-28 15:48 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 10:49 - 2009-07-13 21:04 - 000000215 _____ C:\Windows\system.ini
2017-08-03 10:31 - 2009-07-13 21:03 - 045088768 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 011534336 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2017-08-03 10:31 - 2009-07-13 21:03 - 000262144 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-03 08:40 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\Registration
2017-07-31 09:24 - 2017-06-27 09:54 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-26 09:29 - 2009-07-13 23:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-12 01:15 - 2017-05-02 03:18 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-11 00:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-08-2017
Ran by vanbibber-t (11-08-2017 07:36:11)
Running from C:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-04-28 20:16:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3795392686-1027691241-4019915128-500 - Administrator - Disabled)
BeakService (S-1-5-21-3795392686-1027691241-4019915128-1001 - Limited - Enabled)
CAC (S-1-5-21-3795392686-1027691241-4019915128-1000 - Limited - Enabled) => C:\Users\hbc
Guest (S-1-5-21-3795392686-1027691241-4019915128-501 - Limited - Disabled)
HBC (S-1-5-21-3795392686-1027691241-4019915128-1002 - Limited - Enabled) => C:\Users\HBC.CAC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: SonicWall Enforced Client-AntiVirus (Enabled - Up to date) {8F284F92-0627-4F3F-515B-CFCC0C1DF38D}
AS: SonicWall Enforced Client-AntiSpyware (Enabled - Up to date) {3449AE76-201D-40B1-6BEB-F4BE779AB930}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Framework 4.0 Bootstrapper  26.0856.110 (HKLM\...\{1ad37d0d-4c57-4926-b20b-6059b2c6f0f0}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Eagle e4wDrivers 26.0856.110 (HKLM\...\{27C00D87-C36C-4C8D-8E41-7D6677DE2582}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Eagle e4wVB6AppsReg 26.0856.110 (HKLM\...\{C6395AD8-1564-4C7D-926A-94791A80AA17}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Eagle eConnect 03.0367.001 (HKLM\...\{D06149A4-52CF-4B01-BFD0-3A7F7A904E89}) (Version: 1.207.23833 - Epicor Software Corporation)
Eagle for Windows (HKLM\...\Eagle for Windows) (Version:  - Epicor Software Corporation)
Eagle MasterInstall 26.0856.110 (HKLM\...\{CD61F48C-4432-4E3F-B919-18B2A5E2EE87}) (Version: 15.140.22830 - Epicor Software Corporation) Hidden
Epicor Compass (HKLM\...\{5E86BDAE-BEAB-4E26-BC3D-05EB5D053EC0}) (Version: 14.0.1880 - Epicor Software Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
LaserCat 3 (HKLM\...\{A97D30A2-E40D-4DFF-B9B8-AB7C25B25BE9}) (Version: 3.4.1.2B - CCITriad)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
SonicWALL Enforced Client (HKLM\...\{5A5187B5-5F34-4A32-8CAB-86E232E45E4D}) (Version: 1.9.52 - SonicWALL)
SonicWALL Enforced Client Kaspersky AV (HKLM\...\{A04119BF-4709-41EA-9947-4F5A999B332D}) (Version: 2.0.2 - SonicWALL)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll [2009-07-13] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers1: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers1: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\system32\EhStorShell.dll [2009-07-13] (MicrosoftCorporation)
ContextMenuHandlers2: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers3: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers4: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => C:\Program Files\Windows Sidebar\sbdrop.dll [2009-07-13] (MicrosoftCorporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\Windows\system32\ntshrui.dll [2012-01-04] (MicrosoftCorporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => C:\Windows\system32\syncui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\Windows\system32\shell32.dll [2017-05-10] (MicrosoftCorporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\Windows\System32\cscui.dll [2010-11-20] (MicrosoftCorporation)
ContextMenuHandlers6: [SECShellExt] -> {10232C27-DE8B-41fd-8F9D-F27DF4928393} => C:\Program Files\SonicWALL\SonicWALL Enforced Client\SECShellExt.dll [2017-03-15] (SonicWallInc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1219F7F2-3093-48F7-920E-9D7EBFA9C29E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-13] (MicrosoftCorporation)
Task: {2890A467-F43F-4AEE-85A3-AE703AF50989} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {29064243-6313-4F35-9BD1-E65267AB7D4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-28] (GoogleInc.)
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2010-11-20] (MicrosoftCorporation)
Task: {32FBCD9D-CC9D-45A3-9821-09C59BEFCA4C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2017-05-03] (MicrosoftCorporation)
Task: {46F2DE15-FF0E-434A-A382-DA1624B00759} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {523CEA57-701E-43C1-8350-675042D50C1B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {526F7BEE-33F0-4ED5-A612-ADDC42BD9307} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe [2010-11-20] (MicrosoftCorporation)
Task: {53E481B3-B4E7-48DC-AFC6-31C017551960} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {5A2F7011-F511-4541-A9A4-109CED3CF3F3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2010-11-20] (MicrosoftCorporation)
Task: {5DF43977-6A6B-4B7E-A146-59B0357D0334} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (PiriformLtd)
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2017-07-07] (MicrosoftCorporation)
Task: {60B15620-FEEB-41F7-9862-73C39E3A32A7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {645D309C-D299-419B-88EB-063DB2C581D2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\Windows\System32\powercfg.exe [2009-07-13] (MicrosoftCorporation)
Task: {70A8956F-3F87-41BB-B6D5-ACE8199C9EAE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {731E9C62-95B5-4C8C-AB64-4CC591C9FF5B} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2009-07-13] (MicrosoftCorporation)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-07-13] (MicrosoftCorporation)
Task: {83C003BE-83B4-4A85-9ED2-98E59FE2FB0E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {882053AD-06B6-440F-B5B2-64F2C951CF6D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {89DD175C-99B3-4CC0-BD70-8C8FC268DE59} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {99D72257-F664-4C13-A819-FD0CA9B1CEDF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2010-11-20] (MicrosoftCorporation)
Task: {AC1552F3-D94C-4693-8EFA-D6FEEF2094D9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B3CC9132-D346-44DD-A44E-12C1FC72F3C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B71A9623-E2C7-4E84-B0BA-222FF13162A2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2009-07-13] (MicrosoftCorp.)
Task: {BC298592-3399-4C1F-BDC2-B4DB9AB5163B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {C90440A0-6D8F-423F-8F42-83EEF05CE708} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\Windows\system32\appidcertstorecheck.exe [2017-07-07] (MicrosoftCorporation)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (MicrosoftCorporation)
Task: {D50E00EA-3FA8-4718-9005-A2873E71C9C4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (MicrosoftCorporation)
Task: {DA584D85-54EC-4E99-9E84-CAE593EBD0EA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2016-03-23] (MicrosoftCorporation)
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2017-07-14] (MicrosoftCorporation)
Task: {E4F5CA62-93C0-40A9-B677-1EB527C6F1F8} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2009-07-13] (MicrosoftCorporation)
Task: {EFD15602-1256-41C7-A55D-6B231086653C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-28] (GoogleInc.)
Task: {F6850B69-7449-4C36-AEFF-DD8F9A269385} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2009-07-13] (MicrosoftCorporation)
Task: {FE4778B9-7B93-4000-B20C-7813897382EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (MicrosoftCorporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2017-08-03 10:49 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3039522607-814947754-2739937932-1104\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3039522607-814947754-2739937932-1165\Control Panel\Desktop\\Wallpaper -> C:\Users\mcgettes-t\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.95.3.254 - 10.95.3.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{31EE9EAB-B71B-422A-BC4E-348D016C2597}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{15321A36-A24B-4008-A553-C0EFF4D1FB29}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{12DB80DF-ECEF-41A1-8E11-F54588B06430}] => (Allow) LPort=59152
FirewallRules: [{13B956C5-16E6-4FC1-96DD-B4A387722989}] => (Allow) LPort=59152
FirewallRules: [{26A84E41-8665-41BB-9DB4-B05BFDEA6877}] => (Allow) LPort=59152
FirewallRules: [{6B4BD414-3F08-4384-994B-1E5283C3B0D5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-08-2017 07:28:22 Restore Point Created by FRST
11-08-2017 07:33:14 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 112938343 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 171119234 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 133613795 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 383349524 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 133541426 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 102063281 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 133580021 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 685971937 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 936926 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2017 07:33:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 47256524 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (08/11/2017 07:18:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 06:03:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 05:48:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 05:17:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 05:17:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 54359921 service to connect.
 
Error: (08/11/2017 05:17:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 05:17:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 100679379 service to connect.
 
Error: (08/11/2017 05:17:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 05:17:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the storageshed service to connect.
 
Error: (08/11/2017 05:17:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the 187085759 service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-29 10:55:52.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-29 10:28:41.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 16:00:46.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:55:21.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:46:40.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:36:02.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 14:12:14.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 13:54:49.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-26 13:46:46.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E7- 4870 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 3967.55 MB
Available physical RAM: 2362.69 MB
Total Virtual: 7933.43 MB
Available Virtual: 6341.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.9 GB) (Free:20.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 40 GB) (Disk ID: D400E35D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#14 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:03 PM

Posted 11 August 2017 - 10:49 PM

How is the machine behaving?

 

John



#15 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:03 PM

Posted 14 August 2017 - 06:38 PM

It's been a few days, you still with me?

 

John





