Emotet and Troldesh viruses appearing on PCs



#1 strathuni


Posted 06 December 2017 - 11:34 AM

Hi Folks,

We have been infected with Emotet and Troldesh keeps appearing on some PCs, no PCs are encrypted and we can still use them.

Malwarebytes is able to find Emotet and Troldesh, it deletes and quarantines them but they keep reappearing.

Have tried using McAfee, Malwarebytes, RKill, Hitman Pro - Free, Zemana - Free, RogueKiller and between them they find the viruses but the virus just keeps coming back.

Any help on this would be much appreciated, thanks.

Below is the FRST text output:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2017
Ran by pharmadmin (administrator) on SIBS209-24 (06-12-2017 15:48:00)
Running from C:\Users\pharmadmin\Desktop
Loaded Profiles: eas96120 & eas97118 & gwb09135 & srb09136 & pharmadmin & nwb13148 & qdb13154 & xdb13142 & nqb13151 & eas02104 & mkb13172 & xsb13189 & xmb13168 & dkb13176 & pkb13174 & kqb13178 & mkb13180 & kwb13168 & xqb13169 & jwb13184 & wjb13173 & kqb13184 & dkb13193 & nqb13191 & gpb13199 & wrb14105 & ksb14129 & isb14165 & hwb14169 & yyb14148 & syb14156 & tmb14155 & rqb14187 & jjb14185 & pkb14181 & ylb14202 & rkb14179 & vib14179 & njb14165 & ftb14172 & ksb14165 & gwb14176 & xdb14175 & wyb14166 & jrb14165 & bwb14167 & nxb14161 & ixb14163 & ehb14187 & prb14175 & szb14190 & kxb14179 & pjb14193 & ypb14174 & nqb14204 & fmb15129 & dsb15163 & yhb15177 & ksb15157 & njb15177 & ftb15170 & alb15170 & prb15172 & mlb15170 & ykb15169 & isb15160 & jrb15158 & gvb15173 & kwb15156 & seb15166 & seb15172 & mlb15179 & rqb15183 & wjb15207 & cxb16141 & ngb16161 & npb16169 & yxb16177 & tjb16173 & gwb16172 & kfb16185 & psb16199 & fsb16191 & npb16187 & vib17115 & prb17147 & xnb17192 & ppclass & eas03104 & cecs06 & Dominion & Locald & Administrator (Available Profiles: eas96120 & eas97118 & gwb09135 & srb09136 & pharmadmin & nwb13148 & qdb13154 & xdb13142 & nqb13151 & eas02104 & mkb13172 & xsb13189 & xmb13168 & dkb13176 & pkb13174 & kqb13178 & mkb13180 & kwb13168 & xqb13169 & jwb13184 & wjb13173 & kqb13184 & dkb13193 & nqb13191 & gpb13199 & wrb14105 & ksb14129 & isb14165 & hwb14169 & yyb14148 & syb14156 & tmb14155 & rqb14187 & jjb14185 & pkb14181 & ylb14202 & rkb14179 & vib14179 & njb14165 & ftb14172 & ksb14165 & gwb14176 & xdb14175 & wyb14166 & jrb14165 & bwb14167 & nxb14161 & ixb14163 & ehb14187 & prb14175 & szb14190 & kxb14179 & pjb14193 & ypb14174 & nqb14204 & fmb15129 & dsb15163 & yhb15177 & ksb15157 & njb15177 & ftb15170 & alb15170 & prb15172 & mlb15170 & ykb15169 & isb15160 & jrb15158 & gvb15173 & kwb15156 & seb15166 & seb15172 & mlb15179 & rqb15183 & wjb15207 & cxb16141 & ngb16161 & npb16169 & yxb16177 & tjb16173 & gwb16172 & kfb16185 & psb16199 & fsb16191 & npb16187 & vib17115 & 
prb17147 & xnb17192 & ppclass & eas03104 & cecs06 & Dominion & Locald & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (All) =================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corporation) C:\Windows\System32\conhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.PMRINSTANCE\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes' Managed Client\SCComm.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(NHS Scotland) C:\Program Files\NHS Scotland ePharmacy\PMRAdapterRetryService.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Adlice Software) C:\Users\pharmadmin\Desktop\RogueKiller_portable32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Farbar) C:\Users\pharmadmin\Desktop\FRST.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [145904 2013-03-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [181232 2013-03-13] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [189936 2013-03-13] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [831104 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2475984 2017-09-18] (Malwarebytes Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26624 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2616320 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2013-02-22] (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-1482476501-839522115-10972\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-10991\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-204306\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-26076\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-262457\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
HKU\S-1-5-21-1060284298-1482476501-839522115-264133\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-264140\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
HKU\S-1-5-21-1060284298-1482476501-839522115-26544\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-265887\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-267514\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-267663\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-267672\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-267788\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-268850\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-269316\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-269406\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-272143\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-278902\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-284636\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-285427\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-285429\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-286034\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-286750\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-286968\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-288235\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-288239\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-288241\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-288252\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-1482476501-839522115-288252\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-1482476501-839522115-288252\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289790\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289791\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289802\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289809\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289813\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289817\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289821\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289822\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289823\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289824\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289838\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289841\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289843\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289845\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-289846\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-290046\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-290740\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-290745\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-291804\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-306119\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-308922\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-309515\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-309528\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-1482476501-839522115-309528\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-1482476501-839522115-309528\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-309686\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-309722\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-309769\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-309770\...\Run: [Google Update] => C:\Users\prb15172\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-27] (Google Inc.)
HKU\S-1-5-21-1060284298-1482476501-839522115-309770\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311333\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311373\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311383\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311386\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311430\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311454\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-311804\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-312624\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-312625\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-312752\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-315469\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-328177\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-331566\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-333412\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-333454\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-333457\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-333462\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-333465\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-333468\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-334120\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-334602\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-344859\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-350956\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-356235\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1060284298-1482476501-839522115-36363\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1395167171-484323596-84503876-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1395167171-484323596-84503876-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1395167171-484323596-84503876-1001\...\MountPoints2: {96713c54-f501-11e2-8871-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-1395167171-484323596-84503876-500\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-18\...\Run: [McAfee] => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\hbwfitij\becghwgj.exe [278528 2017-09-13] ()
HKLM\...\Providers\Internet Print Provider: C:\Windows\system32\inetpp.dll [126464 2017-08-11] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\Windows\system32\win32spl.dll [497664 2017-08-11] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation)
BootExecute: autocheck autochk *
AlternateShell: cmd.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 130.159.248.50 130.159.228.50
Tcpip\..\Interfaces\{AF0A4A54-AC04-4E96-BB24-CCAF1A6C27BB}: [DhcpNameServer] 130.159.248.50 130.159.228.50

Internet Explorer:
==================
HKU\S-1-5-21-1060284298-1482476501-839522115-10972\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-10991\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-204306\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-26076\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-264133\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-26544\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-265887\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-267514\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-267663\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-267672\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-267788\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-268850\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-269316\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-269406\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-272143\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-278902\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-284636\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-285427\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-285429\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-286034\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-286750\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-286968\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-288235\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-288239\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-288241\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-288252\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-289790\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-289791\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-289802\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-289809\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-289813\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1060284298-1482476501-839522115-289817\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060284298-1482476501-839522115-189466\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-191509\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-241226\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-241234\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-249084\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060284298-1482476501-839522115-249084\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-26076\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060284298-1482476501-839522115-26076\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-262457\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-264136\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-264140\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-266290\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-267204\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-267556\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-267578\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-267585\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-267587\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-267703\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1060284298-1482476501-839522115-288235\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060284298-1482476501-839522115-289813\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060284298-1482476501-839522115-311386\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060284298-1482476501-839522115-312625\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1395167171-484323596-84503876-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.strath.ac.uk/
HKU\S-1-5-21-1395167171-484323596-84503876-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1395167171-484323596-84503876-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1395167171-484323596-84503876-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1060284298-1482476501-839522115-267585 -> DefaultScope {C784CB78-1971-4842-A353-BA938CCC2294} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1060284298-1482476501-839522115-267585 -> {C784CB78-1971-4842-A353-BA938CCC2294} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-13] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130725151228.dll [2013-07-25] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-13] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\pharmadmin\AppData\Roaming\Mozilla\Firefox\Profiles\9vmv2s96.default [2017-12-06]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: (IDS_SS_NAME) - C:\Program Files\Common Files\McAfee\SystemCore [2017-12-06] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-11-06] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060284298-1482476501-839522115-309770: @tools.google.com/Google Update;version=3 -> C:\Users\prb15172\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060284298-1482476501-839522115-309770: @tools.google.com/Google Update;version=9 -> C:\Users\prb15172\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-27] (Google Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2014-09-10] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\pharmadmin\AppData\Local\Google\Chrome\User Data\Default [2017-12-06]
CHR Extension: (Docs) - C:\Users\pharmadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pharmadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-06]
CHR HKU\S-1-5-21-1395167171-484323596-84503876-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (All) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2017-09-27] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-15] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [29696 2017-09-13] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2016-11-09] (Microsoft Corporation)
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2014-03-04] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [474624 2016-06-14] (Microsoft Corporation)
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [474624 2016-06-14] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation)
R3 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation)
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-03-13] (Intel Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [145920 2017-04-12] (Microsoft Corporation)
R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [377344 2017-08-11] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [935424 2016-08-21] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [22016 2017-09-13] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
R2 ePharmacy PMR Retry Adapter; C:\Program Files\NHS Scotland ePharmacy\PMRAdapterRetryService.exe [10240 2006-08-11] (NHS Scotland) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [909824 2017-05-12] (Microsoft Corporation)
R3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [606720 2016-05-12] (Microsoft Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-09-13] (Google Inc.)
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-09-13] (Google Inc.)
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
R3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [879248 2014-06-30] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [104960 2017-10-14] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2010-11-20] (Microsoft Corporation)
S3 KeyIso; C:\Windows\system32\lsass.exe [22016 2017-09-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-09-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [901088 2016-02-09] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2013-07-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2013-07-25] (McAfee, Inc.)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
S4 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [175568 2017-09-13] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
R2 MSSQL$PMRINSTANCE; c:\Program Files\Microsoft SQL Server\MSSQL10.PMRINSTANCE\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-23] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-11-17] (Hewlett-Packard) [File not signed]
R2 Netlogon; C:\Windows\system32\lsass.exe [22016 2017-09-13] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [129680 2014-07-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [19968 2017-08-11] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [159960 2017-09-12] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation)
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [157184 2016-06-14] (Microsoft Corporation)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1508352 2017-03-10] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-11-17] (Hewlett-Packard) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [351744 2016-05-12] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22016 2017-09-13] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [377344 2017-08-11] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [22016 2017-09-13] (Microsoft Corporation)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-19] (Conexant Systems, Inc.)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
R2 SCCommService; C:\Program Files\Malwarebytes' Managed Client\SCComm.exe [149992 2017-04-06] (Malwarebytes)
R2 Schedule; C:\Windows\system32\schedsvc.dll [751104 2015-08-05] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2016-02-09] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2010-11-20] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation)
S4 SQLAgent$PMRINSTANCE; c:\Program Files\Microsoft SQL Server\MSSQL10.PMRINSTANCE\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S4 SQLBrowser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [254808 2009-03-30] (Microsoft Corporation)
R2 SQLWriter; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840 2008-07-10] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
S2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation)
S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation)
R3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2015-07-15] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation)
S4 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [22016 2017-09-13] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation)
R3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2017-02-09] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [208896 2016-09-08] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation)
R3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351744 2016-05-11] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1178112 2016-08-06] (Microsoft Corporation)
S3 Wlansvc; C:\Windows\System32\wlansvc.dll [828928 2017-09-13] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2017-10-12] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2092032 2017-05-10] (Microsoft Corporation)
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [67584 2010-11-20] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 1007572845; %SystemRoot%\20441560.exe [X]
S2 1021023328; %SystemRoot%\18606736.exe [X]
S2 1022522920; %SystemRoot%\21752280.exe [X]
S2 1026620911; %SystemRoot%\23390680.exe [X]
S2 1050095114; %SystemRoot%\23325144.exe [X]
S2 1053413318; %SystemRoot%\15264216.exe [X]
S2 1074104199; %SystemRoot%\13953496.exe [X]
S2 1075124632; %SystemRoot%\13887960.exe [X]
S2 1096791954; %SystemRoot%\21555672.exe [X]
S2 1100633198; %SystemRoot%\17689048.exe [X]
S2 1106132077; %SystemRoot%\18016728.exe [X]
S2 1114532466; %SystemRoot%\17164760.exe [X]
S2 1129380454; %SystemRoot%\31517144.exe [X]
S2 1136495847; %SystemRoot%\24046040.exe [X]
S2 1137559025; %SystemRoot%\22145496.exe [X]
S2 1155724780; %SystemRoot%\21162456.exe [X]
S2 1159111733; %SystemRoot%\15657432.exe [X]
S2 1168329271; %SystemRoot%\14674392.exe [X]
S2 11795157; %SystemRoot%\20113880.exe [X]
S2 1192343222; %SystemRoot%\23652824.exe [X]
S2 1201315074; %SystemRoot%\16771544.exe [X]
S2 12313798; %SystemRoot%\35709440.exe [X]
S2 1238917804; %SystemRoot%\16574936.exe [X]
S2 1267129961; %SystemRoot%\23456216.exe [X]
S2 1273796086; %SystemRoot%\13756888.exe [X]
S2 13297478; %SystemRoot%\16312792.exe [X]
S2 14316445; %SystemRoot%\28240344.exe [X]
S2 15210159; %SystemRoot%\29419992.exe [X]
S2 18228607; %SystemRoot%\35055144.exe [X]
S2 18317996; %SystemRoot%\22014424.exe [X]
S2 19502979; %SystemRoot%\21226096.exe [X]
S2 23996572; %SystemRoot%\21817816.exe [X]
S2 26256185; %SystemRoot%\17885656.exe [X]
S2 2843243; %SystemRoot%\30335464.exe [X]
S2 31440597; %SystemRoot%\30206424.exe [X]
S2 3268454; %SystemRoot%\15524712.exe [X]
S2 4495434; %SystemRoot%\23914968.exe [X]
S2 4981969; %SystemRoot%\15460824.exe [X]
S2 5594461; %SystemRoot%\22340920.exe [X]
S2 7881061; %SystemRoot%\11266520.exe [X]
S2 842202; %SystemRoot%\30599640.exe [X]
S2 8734511; %SystemRoot%\22669784.exe [X]
S2 9231327; %SystemRoot%\33809352.exe [X]
S2 936692; %SystemRoot%\39970648.exe [X]
S2 9684682; %SystemRoot%\23651032.exe [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 TechnicalSvc; %SystemDrive%\techsvc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59904 2017-09-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23936 2016-02-09] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2013-07-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2013-07-25] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2013-07-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2013-07-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2013-07-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2013-07-25] (McAfee, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-12-06] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-12-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-12-05] (Zemana Ltd.)
U3 mfeavfk01; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 15:48 - 2017-12-06 15:48 - 000063211 _____ C:\Users\pharmadmin\Desktop\FRST.txt
2017-12-06 15:44 - 2017-12-06 15:44 - 000000000 ____D C:\FRST
2017-12-06 15:44 - 2017-12-06 15:40 - 001752064 _____ (Farbar) C:\Users\pharmadmin\Desktop\FRST.exe
2017-12-06 15:43 - 2017-12-06 15:43 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-12-06 15:43 - 2017-12-06 15:43 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-06 15:42 - 2017-12-06 15:28 - 022471752 _____ (Adlice Software) C:\Users\pharmadmin\Desktop\RogueKiller_portable32.exe
2017-12-06 15:19 - 2017-12-06 15:42 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-05 15:51 - 2017-12-05 15:51 - 008454144 _____ C:\tmp.edb
2017-12-05 15:51 - 2017-12-05 15:51 - 000001824 _____ C:\grabber_temp.INTEG.RAW
2017-12-05 14:35 - 2017-12-05 14:35 - 000000000 __SHD C:\Users\pharmadmin\AppData\Roaming\AMMYY
2017-12-05 14:33 - 2017-12-06 15:48 - 000113988 _____ C:\Windows\ZAM.krnl.trace
2017-12-05 14:33 - 2017-12-06 15:48 - 000068787 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-05 14:33 - 2017-12-05 14:33 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-12-05 14:33 - 2017-12-05 14:33 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-12-05 14:33 - 2017-12-05 14:33 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-12-05 14:33 - 2017-12-05 14:33 - 000000000 ____D C:\Users\pharmadmin\AppData\Local\Zemana
2017-12-05 14:33 - 2017-12-05 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-12-05 14:33 - 2017-12-05 14:33 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2017-12-05 14:21 - 2017-12-04 15:28 - 006625600 _____ (Zemana Ltd. ) C:\Users\pharmadmin\Desktop\Zemana.AntiMalware.Setup.exe
2017-12-04 21:10 - 2017-12-04 21:11 - 000000000 __SHD C:\ProgramData\AMMYY
2017-12-04 15:57 - 2017-12-06 15:42 - 000001914 _____ C:\Users\pharmadmin\Desktop\Rkill.txt
2017-12-04 15:57 - 2017-12-04 15:09 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\pharmadmin\Desktop\rkill.exe
2017-12-04 14:59 - 2017-12-04 14:59 - 000240640 _____ (MuleSoft) C:\ProgramData\wTnQYGgV.exe
2017-12-04 10:32 - 2017-12-04 10:32 - 000000000 ____D C:\Users\pharmadmin\AppData\Roaming\Malwarebytes
2017-12-04 10:27 - 2017-12-04 10:27 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\2145820B.sys
2017-12-04 10:24 - 2017-12-06 13:10 - 000000000 ____D C:\Users\pharmadmin\AppData\Roaming\services
2017-12-04 10:24 - 2017-12-04 16:06 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-12-04 10:24 - 2017-12-04 16:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 10:24 - 2017-12-04 10:24 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\6C735199.sys
2017-12-04 10:23 - 2017-12-04 15:53 - 000000000 ____D C:\Users\pharmadmin\Desktop\mbar
2017-12-01 10:28 - 2017-12-01 10:28 - 000000000 ____D C:\Users\vib17115\AppData\Roaming\Sun
2017-12-01 10:28 - 2017-12-01 10:28 - 000000000 ____D C:\Users\vib17115\AppData\LocalLow\Sun
2017-12-01 10:23 - 2017-12-01 10:23 - 000001417 _____ C:\Users\vib17115\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-01 10:23 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115\AppData\Roaming\Umetrics
2017-12-01 10:23 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115\AppData\Roaming\McAfee
2017-12-01 10:23 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115\AppData\Roaming\Adobe
2017-12-01 10:23 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115\AppData\Local\x-formation
2017-12-01 10:23 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115\AppData\Local\Google
2017-12-01 10:23 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115\AppData\Local\Conexant
2017-12-01 10:22 - 2017-12-01 10:23 - 000000000 ____D C:\Users\vib17115
2017-12-01 10:22 - 2017-12-01 10:22 - 000001682 __RSH C:\Users\vib17115\ntuser.pol
2017-12-01 10:22 - 2017-12-01 10:22 - 000000020 ___SH C:\Users\vib17115\ntuser.ini
2017-12-01 10:22 - 2013-09-13 04:02 - 000000000 ____D C:\Users\vib17115\AppData\Local\Microsoft Help
2017-12-01 10:22 - 2013-08-26 09:43 - 000000000 ____D C:\Users\vib17115\Desktop\Phys & Pharm
2017-12-01 10:22 - 2013-08-26 09:43 - 000000000 ____D C:\Users\vib17115\Desktop\Pharm sci
2017-12-01 10:22 - 2013-08-08 11:28 - 000001876 _____ C:\Users\vib17115\Desktop\Minitab 16 Statistical Software.lnk
2017-12-01 10:22 - 2013-08-05 08:31 - 000001020 _____ C:\Users\vib17115\Desktop\Pharmacy Manager.vbe
2017-12-01 10:22 - 2009-07-14 07:26 - 000000000 ____D C:\Users\vib17115\AppData\Roaming\Media Center Programs
2017-11-30 11:33 - 2017-11-30 11:33 - 000278528 _____ C:\ProgramData\l.exe
2017-11-22 14:48 - 2017-11-22 14:48 - 000000000 ____D C:\Users\xnb17192\AppData\Roaming\Sun
2017-11-22 14:48 - 2017-11-22 14:48 - 000000000 ____D C:\Users\xnb17192\AppData\LocalLow\Sun
2017-11-22 14:45 - 2017-11-22 14:45 - 000052328 _____ C:\Users\xnb17192\Downloads\Minitab Notes - Entering Data.pdf
2017-11-22 14:44 - 2017-11-22 14:44 - 000000000 ____D C:\Users\xnb17192\AppData\Local\Conexant
2017-11-22 14:43 - 2017-11-22 14:51 - 000000000 ____D C:\Users\xnb17192\AppData\Local\Google
2017-11-22 14:43 - 2017-11-22 14:43 - 000000000 ____D C:\Users\xnb17192\AppData\Roaming\McAfee
2017-11-22 14:42 - 2017-11-22 14:43 - 000000000 ____D C:\Users\xnb17192
2017-11-22 14:42 - 2017-11-22 14:42 - 000001682 __RSH C:\Users\xnb17192\ntuser.pol
2017-11-22 14:42 - 2017-11-22 14:42 - 000001417 _____ C:\Users\xnb17192\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-22 14:42 - 2017-11-22 14:42 - 000000020 ___SH C:\Users\xnb17192\ntuser.ini
2017-11-22 14:42 - 2017-11-22 14:42 - 000000000 ____D C:\Users\xnb17192\AppData\Roaming\Adobe
2017-11-22 14:42 - 2013-09-13 04:02 - 000000000 ____D C:\Users\xnb17192\AppData\Local\Microsoft Help
2017-11-22 14:42 - 2013-08-26 09:43 - 000000000 ____D C:\Users\xnb17192\Desktop\Phys & Pharm
2017-11-22 14:42 - 2013-08-26 09:43 - 000000000 ____D C:\Users\xnb17192\Desktop\Pharm sci
2017-11-22 14:42 - 2013-08-08 11:28 - 000001876 _____ C:\Users\xnb17192\Desktop\Minitab 16 Statistical Software.lnk
2017-11-22 14:42 - 2013-08-05 08:31 - 000001020 _____ C:\Users\xnb17192\Desktop\Pharmacy Manager.vbe
2017-11-22 14:42 - 2009-07-14 07:26 - 000000000 ____D C:\Users\xnb17192\AppData\Roaming\Media Center Programs
2017-11-22 12:26 - 2017-11-22 12:26 - 000000972 _____ C:\Users\rqb15183\Downloads\experimental_results (1).csv
2017-11-22 12:23 - 2017-11-22 12:23 - 000000936 _____ C:\Users\rqb15183\Downloads\experimental_results.csv
2017-11-22 11:33 - 2017-11-22 11:33 - 000000000 ____D C:\Users\rqb15183\AppData\Roaming\Sun
2017-11-22 11:33 - 2017-11-22 11:33 - 000000000 ____D C:\Users\rqb15183\AppData\LocalLow\Sun
2017-11-22 11:28 - 2017-11-22 11:28 - 000000000 ____D C:\Users\rqb15183\AppData\Local\Conexant
2017-11-22 11:27 - 2017-11-22 11:35 - 000000000 ____D C:\Users\rqb15183\AppData\Local\Google
2017-11-22 11:27 - 2017-11-22 11:27 - 000001417 _____ C:\Users\rqb15183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-22 11:27 - 2017-11-22 11:27 - 000000000 ____D C:\Users\rqb15183\AppData\Roaming\McAfee
2017-11-22 11:27 - 2017-11-22 11:27 - 000000000 ____D C:\Users\rqb15183\AppData\Roaming\Adobe
2017-11-22 11:26 - 2017-11-22 11:27 - 000000000 ____D C:\Users\rqb15183
2017-11-22 11:26 - 2017-11-22 11:26 - 000001682 __RSH C:\Users\rqb15183\ntuser.pol
2017-11-22 11:26 - 2017-11-22 11:26 - 000000020 ___SH C:\Users\rqb15183\ntuser.ini
2017-11-22 11:26 - 2013-09-13 04:02 - 000000000 ____D C:\Users\rqb15183\AppData\Local\Microsoft Help
2017-11-22 11:26 - 2013-08-26 09:43 - 000000000 ____D C:\Users\rqb15183\Desktop\Phys & Pharm
2017-11-22 11:26 - 2013-08-26 09:43 - 000000000 ____D C:\Users\rqb15183\Desktop\Pharm sci
2017-11-22 11:26 - 2013-08-08 11:28 - 000001876 _____ C:\Users\rqb15183\Desktop\Minitab 16 Statistical Software.lnk
2017-11-22 11:26 - 2013-08-05 08:31 - 000001020 _____ C:\Users\rqb15183\Desktop\Pharmacy Manager.vbe
2017-11-22 11:26 - 2009-07-14 07:26 - 000000000 ____D C:\Users\rqb15183\AppData\Roaming\Media Center Programs
2017-11-20 11:14 - 2017-11-20 11:14 - 000000000 ____D C:\Users\kfb16185\AppData\Roaming\Sun
2017-11-20 11:14 - 2017-11-20 11:14 - 000000000 ____D C:\Users\kfb16185\AppData\LocalLow\Sun
2017-11-20 11:09 - 2017-11-20 11:18 - 000000000 ____D C:\Users\kfb16185\AppData\Local\Google
2017-11-20 11:09 - 2017-11-20 11:09 - 000000000 ____D C:\Users\kfb16185\AppData\Roaming\McAfee
2017-11-20 11:09 - 2017-11-20 11:09 - 000000000 ____D C:\Users\kfb16185\AppData\Local\Conexant
2017-11-20 11:08 - 2017-11-20 11:09 - 000000000 ____D C:\Users\kfb16185
2017-11-20 11:08 - 2017-11-20 11:08 - 000001682 __RSH C:\Users\kfb16185\ntuser.pol
2017-11-20 11:08 - 2017-11-20 11:08 - 000001417 _____ C:\Users\kfb16185\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-20 11:08 - 2017-11-20 11:08 - 000000020 ___SH C:\Users\kfb16185\ntuser.ini
2017-11-20 11:08 - 2017-11-20 11:08 - 000000000 ____D C:\Users\kfb16185\AppData\Roaming\Adobe
2017-11-20 11:08 - 2013-09-13 04:02 - 000000000 ____D C:\Users\kfb16185\AppData\Local\Microsoft Help
2017-11-20 11:08 - 2013-08-26 09:43 - 000000000 ____D C:\Users\kfb16185\Desktop\Phys & Pharm
2017-11-20 11:08 - 2013-08-26 09:43 - 000000000 ____D C:\Users\kfb16185\Desktop\Pharm sci
2017-11-20 11:08 - 2013-08-08 11:28 - 000001876 _____ C:\Users\kfb16185\Desktop\Minitab 16 Statistical Software.lnk
2017-11-20 11:08 - 2013-08-05 08:31 - 000001020 _____ C:\Users\kfb16185\Desktop\Pharmacy Manager.vbe
2017-11-20 11:08 - 2009-07-14 07:26 - 000000000 ____D C:\Users\kfb16185\AppData\Roaming\Media Center Programs
2017-11-20 09:17 - 2017-11-20 09:17 - 000000000 ____D C:\Users\fsb16191\AppData\Roaming\Sun
2017-11-20 09:17 - 2017-11-20 09:17 - 000000000 ____D C:\Users\fsb16191\AppData\LocalLow\Sun
2017-11-20 09:12 - 2017-11-20 09:20 - 000000000 ____D C:\Users\fsb16191\AppData\Local\Google
2017-11-20 09:12 - 2017-11-20 09:12 - 000001417 _____ C:\Users\fsb16191\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-20 09:12 - 2017-11-20 09:12 - 000000000 ____D C:\Users\fsb16191\AppData\Roaming\McAfee
2017-11-20 09:12 - 2017-11-20 09:12 - 000000000 ____D C:\Users\fsb16191\AppData\Roaming\Adobe
2017-11-20 09:12 - 2017-11-20 09:12 - 000000000 ____D C:\Users\fsb16191\AppData\Local\Conexant
2017-11-20 09:11 - 2017-11-20 09:12 - 000000000 ____D C:\Users\fsb16191
2017-11-20 09:11 - 2017-11-20 09:11 - 000001682 __RSH C:\Users\fsb16191\ntuser.pol
2017-11-20 09:11 - 2017-11-20 09:11 - 000000020 ___SH C:\Users\fsb16191\ntuser.ini
2017-11-20 09:11 - 2013-09-13 04:02 - 000000000 ____D C:\Users\fsb16191\AppData\Local\Microsoft Help
2017-11-20 09:11 - 2013-08-26 09:43 - 000000000 ____D C:\Users\fsb16191\Desktop\Phys & Pharm
2017-11-20 09:11 - 2013-08-26 09:43 - 000000000 ____D C:\Users\fsb16191\Desktop\Pharm sci
2017-11-20 09:11 - 2013-08-08 11:28 - 000001876 _____ C:\Users\fsb16191\Desktop\Minitab 16 Statistical Software.lnk
2017-11-20 09:11 - 2013-08-05 08:31 - 000001020 _____ C:\Users\fsb16191\Desktop\Pharmacy Manager.vbe
2017-11-20 09:11 - 2009-07-14 07:26 - 000000000 ____D C:\Users\fsb16191\AppData\Roaming\Media Center Programs
2017-11-17 14:01 - 2017-11-17 14:01 - 002276352 _____ (Strathclyde Institute for Pharmacy & Biomedical Sciences) C:\Users\prb17147\Desktop\Ratcvs.exe
2017-11-17 13:39 - 2017-11-17 13:39 - 000000000 ____D C:\Users\prb17147\AppData\Roaming\Sun
2017-11-17 13:39 - 2017-11-17 13:39 - 000000000 ____D C:\Users\prb17147\AppData\LocalLow\Sun
2017-11-17 13:34 - 2017-11-17 13:34 - 000000000 ____D C:\Users\prb17147\AppData\Local\Conexant
2017-11-17 13:33 - 2017-11-17 13:33 - 000001682 __RSH C:\Users\prb17147\ntuser.pol
2017-11-17 13:33 - 2017-11-17 13:33 - 000001417 _____ C:\Users\prb17147\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-17 13:33 - 2017-11-17 13:33 - 000000020 ___SH C:\Users\prb17147\ntuser.ini
2017-11-17 13:33 - 2017-11-17 13:33 - 000000000 ____D C:\Users\prb17147\AppData\Roaming\McAfee
2017-11-17 13:33 - 2017-11-17 13:33 - 000000000 ____D C:\Users\prb17147\AppData\Roaming\Adobe
2017-11-17 13:33 - 2017-11-17 13:33 - 000000000 ____D C:\Users\prb17147\AppData\Local\Google
2017-11-17 13:33 - 2013-09-13 04:02 - 000000000 ____D C:\Users\prb17147\AppData\Local\Microsoft Help
2017-11-17 13:33 - 2013-08-26 09:43 - 000000000 ____D C:\Users\prb17147\Desktop\Phys & Pharm
2017-11-17 13:33 - 2013-08-26 09:43 - 000000000 ____D C:\Users\prb17147\Desktop\Pharm sci
2017-11-17 13:33 - 2013-08-08 11:28 - 000001876 _____ C:\Users\prb17147\Desktop\Minitab 16 Statistical Software.lnk
2017-11-17 13:33 - 2013-08-05 08:31 - 000001020 _____ C:\Users\prb17147\Desktop\Pharmacy Manager.vbe
2017-11-17 13:33 - 2009-07-14 07:26 - 000000000 ____D C:\Users\prb17147\AppData\Roaming\Media Center Programs
2017-11-17 13:32 - 2017-11-17 13:33 - 000000000 ____D C:\Users\prb17147
2017-11-17 09:37 - 2017-11-17 09:37 - 002276352 _____ (Strathclyde Institute for Pharmacy & Biomedical Sciences) C:\Users\Locald\Downloads\Ratcvs.exe
2017-11-15 01:27 - 2017-10-18 06:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 01:27 - 2017-10-18 01:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 01:27 - 2017-10-18 01:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 01:27 - 2017-10-18 01:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 01:27 - 2017-10-18 01:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 01:27 - 2017-10-18 01:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 01:27 - 2017-10-18 01:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 01:27 - 2017-10-18 01:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 01:27 - 2017-10-16 22:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 01:27 - 2017-10-16 22:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 01:27 - 2017-10-16 21:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-15 01:27 - 2017-10-14 07:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 01:27 - 2017-10-14 07:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 01:27 - 2017-10-14 07:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 01:27 - 2017-10-14 06:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 01:27 - 2017-10-14 06:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 01:27 - 2017-10-14 06:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 01:27 - 2017-10-14 06:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 01:27 - 2017-10-14 06:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 01:27 - 2017-10-14 06:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 01:27 - 2017-10-14 06:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 01:27 - 2017-10-14 06:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 01:27 - 2017-10-14 06:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 01:27 - 2017-10-14 06:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 01:27 - 2017-10-14 06:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 01:27 - 2017-10-14 06:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 01:27 - 2017-10-14 06:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 01:27 - 2017-10-14 06:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 01:27 - 2017-10-14 06:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 01:27 - 2017-10-14 06:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 01:27 - 2017-10-14 06:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 01:27 - 2017-10-14 06:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 01:27 - 2017-10-14 06:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 01:27 - 2017-10-14 06:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 01:27 - 2017-10-14 06:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 01:27 - 2017-10-14 06:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 01:27 - 2017-10-14 06:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 01:27 - 2017-10-14 06:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 01:27 - 2017-10-14 06:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 01:27 - 2017-10-14 06:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 01:27 - 2017-10-14 06:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 01:27 - 2017-10-14 06:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 01:27 - 2017-10-14 06:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 01:27 - 2017-10-14 06:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 01:27 - 2017-10-14 06:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 01:27 - 2017-10-14 06:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 01:27 - 2017-10-12 00:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 01:27 - 2017-10-12 00:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 01:27 - 2017-10-12 00:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 01:27 - 2017-10-12 00:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 01:27 - 2017-10-12 00:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 01:27 - 2017-10-12 00:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 01:27 - 2017-10-12 00:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 01:27 - 2017-10-12 00:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 01:27 - 2017-10-12 00:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 01:27 - 2017-10-12 00:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 01:27 - 2017-10-12 00:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 01:27 - 2017-10-12 00:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 01:27 - 2017-09-07 13:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 01:27 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-13 11:56 - 2017-11-13 11:56 - 000637952 _____ () C:\Users\gwb16172\Downloads\Biograph (4).exe
2017-11-13 11:05 - 2017-11-13 11:05 - 000637952 _____ () C:\Users\gwb16172\Downloads\Biograph.exe
2017-11-13 11:05 - 2017-11-13 11:05 - 000637952 _____ () C:\Users\gwb16172\Downloads\Biograph (3).exe
2017-11-13 11:05 - 2017-11-13 11:05 - 000637952 _____ () C:\Users\gwb16172\Downloads\Biograph (2).exe
2017-11-13 11:05 - 2017-11-13 11:05 - 000637952 _____ () C:\Users\gwb16172\Downloads\Biograph (1).exe
2017-11-13 11:02 - 2017-11-13 11:10 - 000000000 ____D C:\Users\gwb16172\AppData\Local\Google
2017-11-13 09:18 - 2017-11-13 09:18 - 000637952 _____ () C:\Users\Locald\Downloads\Biograph.exe
2017-11-09 13:39 - 2017-11-09 13:39 - 006414848 _____ (Strathclyde Institute for Pharmacy & Biomedical Sciences) C:\Users\ppclass\Downloads\OBSim (1).exe
2017-11-09 09:47 - 2017-11-09 09:47 - 000042714 _____ C:\Users\ppclass\Downloads\Week 8 lab - Unknown drugs 2017-18.pdf
2017-11-09 09:38 - 2017-11-09 09:38 - 006414848 _____ (Strathclyde Institute for Pharmacy & Biomedical Sciences) C:\Users\ppclass\Downloads\OBSim.exe
2017-11-08 13:26 - 2017-11-09 09:40 - 000000000 ____D C:\Users\ppclass\AppData\Local\Google
2017-11-07 09:52 - 2017-11-07 09:52 - 000000000 ____D C:\Users\gvb15173\AppData\Roaming\EndNote
2017-11-07 09:43 - 2017-11-07 09:43 - 000000000 ____D C:\Users\gvb15173\AppData\Roaming\Sun
2017-11-07 09:43 - 2017-11-07 09:43 - 000000000 ____D C:\Users\gvb15173\AppData\LocalLow\Sun
2017-11-07 09:38 - 2017-11-07 09:38 - 000000000 ____D C:\Users\gvb15173\AppData\Roaming\McAfee
2017-11-07 09:38 - 2017-11-07 09:38 - 000000000 ____D C:\Users\gvb15173\AppData\Local\Conexant
2017-11-07 09:37 - 2017-11-07 09:45 - 000000000 ____D C:\Users\gvb15173\AppData\Local\Google
2017-11-07 09:37 - 2017-11-07 09:37 - 000001682 __RSH C:\Users\gvb15173\ntuser.pol
2017-11-07 09:37 - 2017-11-07 09:37 - 000001417 _____ C:\Users\gvb15173\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-07 09:37 - 2017-11-07 09:37 - 000000000 ____D C:\Users\gvb15173\AppData\Roaming\Adobe
2017-11-07 09:36 - 2017-11-07 09:37 - 000000000 ____D C:\Users\gvb15173
2017-11-07 09:36 - 2017-11-07 09:36 - 000000020 ___SH C:\Users\gvb15173\ntuser.ini
2017-11-07 09:36 - 2013-09-13 04:02 - 000000000 ____D C:\Users\gvb15173\AppData\Local\Microsoft Help
2017-11-07 09:36 - 2013-08-26 09:43 - 000000000 ____D C:\Users\gvb15173\Desktop\Phys & Pharm
2017-11-07 09:36 - 2013-08-26 09:43 - 000000000 ____D C:\Users\gvb15173\Desktop\Pharm sci
2017-11-07 09:36 - 2013-08-08 11:28 - 000001876 _____ C:\Users\gvb15173\Desktop\Minitab 16 Statistical Software.lnk
2017-11-07 09:36 - 2013-08-05 08:31 - 000001020 _____ C:\Users\gvb15173\Desktop\Pharmacy Manager.vbe
2017-11-07 09:36 - 2009-07-14 07:26 - 000000000 ____D C:\Users\gvb15173\AppData\Roaming\Media Center Programs
2017-11-06 11:19 - 2017-11-06 11:19 - 000000000 ____D C:\Users\yxb16177\AppData\Roaming\Sun
2017-11-06 11:19 - 2017-11-06 11:19 - 000000000 ____D C:\Users\yxb16177\AppData\LocalLow\Sun
2017-11-06 11:14 - 2017-11-06 11:14 - 000001417 _____ C:\Users\yxb16177\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-06 11:14 - 2017-11-06 11:14 - 000000000 ____D C:\Users\yxb16177\AppData\Roaming\McAfee
2017-11-06 11:14 - 2017-11-06 11:14 - 000000000 ____D C:\Users\yxb16177\AppData\Roaming\Adobe
2017-11-06 11:14 - 2017-11-06 11:14 - 000000000 ____D C:\Users\yxb16177\AppData\Local\Google
2017-11-06 11:14 - 2017-11-06 11:14 - 000000000 ____D C:\Users\yxb16177\AppData\Local\Conexant
2017-11-06 11:13 - 2017-11-06 11:14 - 000000000 ____D C:\Users\yxb16177
2017-11-06 11:13 - 2017-11-06 11:13 - 000001682 __RSH C:\Users\yxb16177\ntuser.pol
2017-11-06 11:13 - 2017-11-06 11:13 - 000000020 ___SH C:\Users\yxb16177\ntuser.ini
2017-11-06 11:13 - 2013-09-13 04:02 - 000000000 ____D C:\Users\yxb16177\AppData\Local\Microsoft Help
2017-11-06 11:13 - 2013-08-26 09:43 - 000000000 ____D C:\Users\yxb16177\Desktop\Phys & Pharm
2017-11-06 11:13 - 2013-08-26 09:43 - 000000000 ____D C:\Users\yxb16177\Desktop\Pharm sci
2017-11-06 11:13 - 2013-08-08 11:28 - 000001876 _____ C:\Users\yxb16177\Desktop\Minitab 16 Statistical Software.lnk
2017-11-06 11:13 - 2013-08-05 08:31 - 000001020 _____ C:\Users\yxb16177\Desktop\Pharmacy Manager.vbe
2017-11-06 11:13 - 2009-07-14 07:26 - 000000000 ____D C:\Users\yxb16177\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 15:45 - 2015-11-27 09:40 - 000000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1482476501-839522115-309770UA.job
2017-12-06 15:18 - 2017-10-18 10:31 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-12-06 15:17 - 2013-07-31 13:37 - 000000000 ____D C:\Users\pharmadmin
2017-12-06 15:16 - 2013-07-31 13:33 - 000000240 _____ C:\Windows\system32\config\netlogon.ftl
2017-12-06 13:27 - 2017-09-20 23:32 - 000000000 ____D C:\QUARANTINE
2017-12-06 13:20 - 2009-07-14 04:34 - 000015280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-06 13:20 - 2009-07-14 04:34 - 000015280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-06 13:16 - 2013-07-25 08:36 - 000819282 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-06 13:16 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf
2017-12-06 13:12 - 2017-10-18 10:31 - 000000000 ____D C:\ProgramData\sccomm
2017-12-06 13:12 - 2009-07-14 04:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-06 10:30 - 2017-10-18 11:31 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-06 09:45 - 2015-11-27 09:40 - 000000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1482476501-839522115-309770Core.job
2017-12-05 19:12 - 2009-07-14 04:52 - 000000000 ____D C:\Windows\Performance
2017-12-05 16:50 - 2017-10-24 12:25 - 000000016 _____ C:\lastver
2017-12-04 10:22 - 2013-07-31 13:37 - 000001682 __RSH C:\Users\pharmadmin\ntuser.pol
2017-12-01 10:36 - 2015-12-17 08:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 11:26 - 2017-10-20 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-11-30 11:26 - 2017-10-18 10:31 - 000000000 ____D C:\Program Files\Malwarebytes' Managed Client
2017-11-30 11:26 - 2017-10-18 10:31 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-11-27 12:36 - 2013-08-01 13:05 - 000000000 ____D C:\PMBackup
2017-11-20 14:48 - 2009-07-14 04:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-17 12:53 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\rescache
2017-11-17 12:16 - 2009-07-14 04:33 - 000403696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-17 10:21 - 2013-08-26 09:17 - 000109336 _____ C:\Users\Locald\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-15 21:22 - 2017-09-13 13:02 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 21:22 - 2017-09-13 13:02 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 09:13 - 2017-10-26 05:13 - 005996544 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-11-15 09:13 - 2013-08-08 09:31 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-11-15 09:13 - 2013-08-08 09:31 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-11-15 09:13 - 2013-08-08 09:31 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-06 12:36 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\tracing

==================== Files in the root of some directories =======

2017-11-30 11:33 - 2017-11-30 11:33 - 000278528 _____ () C:\ProgramData\l.exe
2017-12-04 14:59 - 2017-12-04 14:59 - 000240640 _____ (MuleSoft) C:\ProgramData\wTnQYGgV.exe

Some files in TEMP:
====================
2015-02-24 18:32 - 2015-02-24 18:32 - 000561576 _____ (Oracle Corporation) C:\Users\dkb13193\AppData\Local\Temp\jre-8u40-windows-au.exe
2014-07-11 21:12 - 2014-07-11 21:12 - 000918952 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2016-07-22 08:30 - 2016-07-22 08:30 - 000741440 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-07-19 03:58 - 2017-07-19 03:58 - 000739904 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-07-31 03:58 - 2017-07-31 03:58 - 000740416 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u144-windows-au.exe
2014-12-18 17:29 - 2014-12-18 17:29 - 000641448 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-04-30 23:37 - 2015-04-30 23:37 - 000562272 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-06-12 22:21 - 2015-06-12 22:21 - 000563808 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-10-22 11:41 - 2015-10-22 11:41 - 000585824 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-06-28 08:30 - 2016-06-28 08:30 - 000739904 _____ (Oracle Corporation) C:\Users\Locald\AppData\Local\Temp\jre-8u91-windows-au.exe
2017-12-06 15:43 - 2017-09-13 15:10 - 001310528 _____ (Microsoft Corporation) C:\Users\pharmadmin\AppData\Local\Temp\dllnt_dump.dll
2016-02-05 21:34 - 2016-02-05 21:34 - 000736352 _____ (Oracle Corporation) C:\Users\pkb14181\AppData\Local\Temp\jre-8u73-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-29 00:28

==================== End of FRST.txt ============================

Addition Text:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by pharmadmin (06-12-2017 15:49:05)
Running from C:\Users\pharmadmin\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-07-25 08:32:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1395167171-484323596-84503876-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1395167171-484323596-84503876-1004 - Limited - Enabled)
Dominion (S-1-5-21-1395167171-484323596-84503876-1000 - Administrator - Enabled) => C:\Users\Dominion
Guest (S-1-5-21-1395167171-484323596-84503876-501 - Limited - Disabled)
Locald (S-1-5-21-1395167171-484323596-84503876-1001 - Limited - Enabled) => C:\Users\Locald
pharmacy (S-1-5-21-1395167171-484323596-84503876-1002 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{61B4684A-F09D-49D5-ADD8-7EA95D8EC790}) (Version: 18.1.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Accelrys Discovery Studio 4.0 Client (HKLM\...\{B7383E3D-8925-496F-9FFD-26B566603EE0}) (Version: 4.00.0000 - Accelrys Software Inc.)
Accelrys License Pack (HKLM\...\{AA408BFD-57B6-4F65-88AD-025DB3095C42}) (Version: 7.6.8 - Accelrys Software Inc.)
Accelrys MS Visual C++ Libraries 8.0 For Client (HKLM\...\{DE251188-957C-4693-99EE-B4096E925767}) (Version: 8.0.0.0 - Accelrys Software Inc.)
Accelrys Pipeline Pilot Client 9.2 (HKLM\...\{96DCBBF2-99F7-4EFF-9A2E-3760EC1A4260}) (Version: 9.2.0.0 - Accelrys Software Inc.)
Adapter Foundation Package (HKLM\...\{7132181D-3F5A-4067-8B90-396B688793B7}) (Version: 1.0.0 - NHS Scotland ePharmacy)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.51 - Conexant)
EndNote X6 (HKLM\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1060284298-1482476501-839522115-309770\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IBM SPSS Smartreader 19 (HKLM\...\{EF0D5825-2FDE-4F02-9B92-A4DB1D7599C8}) (Version: 19.0.0 - IBM)
IBM SPSS Statistics 24 (HKLM\...\{4762AE15-E5A3-43BF-8822-1CFC70FB147A}) (Version: 24.0.0.0 - IBM Corp)
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Visual Fortran Redistributables on IA-32 (HKLM\...\{F4DA0EDD-E9AC-4808-8B64-8FD33C51BD0F}) (Version: 14.0.237 - Intel Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.10.2.41 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.2.41 - Malwarebytes)
Malwarebytes' Managed Client (HKLM\...\{C66E1FC2-3EFD-4750-80F9-BE26294B1D86}) (Version: 1.8.0.3443 - Malwarebytes)
McAfee Agent (HKLM\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Minitab 17 (HKLM\...\{F14DC15E-2394-4FE4-99B5-8BD5C4F1965F}) (Version: 17.3.1.0 - Minitab, Inc.) Hidden
Minitab 17 (HKLM\...\Minitab 17 17.3.1.0) (Version: 17.3.1.0 - Minitab, Inc.)
Mozilla Firefox 55.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 55.0.3 (x86 en-GB)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin90 (HKLM\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation)
Pharmacy Manager (HKLM\...\NDC Pharmacy) (Version:  - )
PMR Adapter 3.4 (HKLM\...\{93494F46-E069-4771-BF19-AA35BF671D1A}) (Version: 0.0.0 - NHS Scotland ePharmacy)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - )
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sql Server Customer Experience Improvement Program (HKLM\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Umetrics MODDE 10.1 (HKLM\...\{796F732A-A032-4635-87D2-F7143EDB88ED}) (Version: 10.1.0.427 - Umetrics AB)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-12-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files\McAfee\VirusScan Enterprise\shext.dll [2012-08-14] (McAfee, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [2016-02-09] (Malwarebytes Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files\McAfee\VirusScan Enterprise\shext.dll [2012-08-14] (McAfee, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-22] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-12-05] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [2016-02-09] (Malwarebytes Corporation)
ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files\McAfee\VirusScan Enterprise\shext.dll [2012-08-14] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03CCDE88-F86E-4CF3-BE9D-8D9E67D22C54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-13] (Google Inc.)
Task: {1E3DE0D7-73FE-49D2-9217-D4FB936D6E42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {3C92A378-0050-4C76-987C-0FA9A26A8E46} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {44AB389B-2B55-424A-94A2-7FDDF6FD6459} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1482476501-839522115-309770UA => C:\Users\prb15172\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-27] (Google Inc.)
Task: {56B1D63A-8977-4526-AAA1-CE2B7F3146F9} - System32\Tasks\MssUpdater => C:\Program Files\Minitab\Minitab 17\MssUpdater.exe [2016-02-19] (Minitab, Inc.)
Task: {82A56684-FAD6-44DB-8814-E58DF9CCFC98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {86F7F274-76E1-466E-8232-66F4F3C4FFC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-13] (Google Inc.)
Task: {D36F15EA-B472-41E0-A097-DCCB704F2C16} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1482476501-839522115-309770Core => C:\Users\prb15172\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1482476501-839522115-309770Core.job => C:\Users\prb15172\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1482476501-839522115-309770UA.job => C:\Users\prb15172\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2007-04-18 19:30 - 2007-04-18 19:30 - 000393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 000471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2012-08-14 19:08 - 2012-08-14 19:08 - 000150328 _____ () C:\Program Files\McAfee\VirusScan Enterprise\WscAv.dll
2014-01-14 11:21 - 2014-01-14 11:21 - 003379200 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22add864\mscorlib.dll
2014-01-14 11:21 - 2014-01-14 11:21 - 001953792 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_43b07973\system.dll
2014-01-14 11:21 - 2014-01-14 11:21 - 002088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_585c51d9\system.xml.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 008801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-12-05 14:33 - 2017-12-05 14:33 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2013-07-25 14:04 - 2013-02-22 13:43 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-07-25 14:07 - 2011-06-24 10:12 - 000965760 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\pharmadmin\Desktop\rkill.exe:com.apple.metadatakMDItemWhereFroms [210]
AlternateDataStreams: C:\Users\pharmadmin\Desktop\rkill.exe:com.apple.quarantine [58]
AlternateDataStreams: C:\Users\pharmadmin\Desktop\Zemana.AntiMalware.Setup.exe:com.apple.metadatakMDItemWhereFroms [300]
AlternateDataStreams: C:\Users\pharmadmin\Desktop\Zemana.AntiMalware.Setup.exe:com.apple.quarantine [58]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1060284298-1482476501-839522115-10972\Control Panel\Desktop\\Wallpaper -> C:\Users\eas96120\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-10991\Control Panel\Desktop\\Wallpaper -> C:\Users\eas97118\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-189466\Control Panel\Desktop\\Wallpaper -> C:\Users\gwb09135\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-191509\Control Panel\Desktop\\Wallpaper -> C:\Users\srb09136\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-204306\Control Panel\Desktop\\Wallpaper -> C:\Users\gfb10123\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-241226\Control Panel\Desktop\\Wallpaper -> C:\Users\jrb12154\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-241234\Control Panel\Desktop\\Wallpaper -> C:\Users\yyb12160\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-249084\Control Panel\Desktop\\Wallpaper -> C:\Users\cwb12192\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-26076\Control Panel\Desktop\\Wallpaper -> C:\Users\pharmadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-262457\Control Panel\Desktop\\Wallpaper -> C:\Users\nwb13148\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-264133\Control Panel\Desktop\\Wallpaper -> C:\Users\qdb13154\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-264136\Control Panel\Desktop\\Wallpaper -> C:\Users\xdb13142\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-264140\Control Panel\Desktop\\Wallpaper -> C:\Users\nqb13151\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-26544\Control Panel\Desktop\\Wallpaper -> C:\Users\eas02104\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-265887\Control Panel\Desktop\\Wallpaper -> C:\Users\mkb13172\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-266290\Control Panel\Desktop\\Wallpaper -> C:\Users\xsb13189\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267204\Control Panel\Desktop\\Wallpaper -> C:\Users\fsb13168\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267514\Control Panel\Desktop\\Wallpaper -> C:\Users\xmb13168\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267556\Control Panel\Desktop\\Wallpaper -> C:\Users\dkb13176\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267578\Control Panel\Desktop\\Wallpaper -> C:\Users\pkb13174\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267585\Control Panel\Desktop\\Wallpaper -> C:\Users\kqb13178\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267587\Control Panel\Desktop\\Wallpaper -> C:\Users\mkb13180\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267663\Control Panel\Desktop\\Wallpaper -> C:\Users\kwb13168\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267672\Control Panel\Desktop\\Wallpaper -> C:\Users\xqb13169\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267703\Control Panel\Desktop\\Wallpaper -> C:\Users\jwb13184\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-267788\Control Panel\Desktop\\Wallpaper -> C:\Users\wjb13173\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-268850\Control Panel\Desktop\\Wallpaper -> C:\Users\kqb13184\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-269316\Control Panel\Desktop\\Wallpaper -> C:\Users\dkb13193\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-269406\Control Panel\Desktop\\Wallpaper -> C:\Users\nqb13191\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-272143\Control Panel\Desktop\\Wallpaper -> C:\Users\gpb13199\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-278902\Control Panel\Desktop\\Wallpaper -> C:\Users\wrb14105\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-284636\Control Panel\Desktop\\Wallpaper -> C:\Users\ksb14129\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-285427\Control Panel\Desktop\\Wallpaper -> C:\Users\isb14165\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-285429\Control Panel\Desktop\\Wallpaper -> C:\Users\hwb14169\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-286034\Control Panel\Desktop\\Wallpaper -> C:\Users\yyb14148\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-286750\Control Panel\Desktop\\Wallpaper -> C:\Users\syb14156\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-286968\Control Panel\Desktop\\Wallpaper -> C:\Users\tmb14155\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-288235\Control Panel\Desktop\\Wallpaper -> C:\Users\rqb14187\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-288239\Control Panel\Desktop\\Wallpaper -> C:\Users\jjb14185\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-288241\Control Panel\Desktop\\Wallpaper -> C:\Users\pkb14181\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289790\Control Panel\Desktop\\Wallpaper -> C:\Users\rkb14179\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289791\Control Panel\Desktop\\Wallpaper -> C:\Users\vib14179\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289802\Control Panel\Desktop\\Wallpaper -> C:\Users\njb14165\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289809\Control Panel\Desktop\\Wallpaper -> C:\Users\ftb14172\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289813\Control Panel\Desktop\\Wallpaper -> C:\Users\ksb14165\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289817\Control Panel\Desktop\\Wallpaper -> C:\Users\gwb14176\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289821\Control Panel\Desktop\\Wallpaper -> C:\Users\xdb14175\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289822\Control Panel\Desktop\\Wallpaper -> C:\Users\wyb14166\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289823\Control Panel\Desktop\\Wallpaper -> C:\Users\jrb14165\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289824\Control Panel\Desktop\\Wallpaper -> C:\Users\bwb14167\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289838\Control Panel\Desktop\\Wallpaper -> C:\Users\nxb14161\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289841\Control Panel\Desktop\\Wallpaper -> C:\Users\ixb14163\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289843\Control Panel\Desktop\\Wallpaper -> C:\Users\ehb14187\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289845\Control Panel\Desktop\\Wallpaper -> C:\Users\prb14175\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-289846\Control Panel\Desktop\\Wallpaper -> C:\Users\szb14190\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-290046\Control Panel\Desktop\\Wallpaper -> C:\Users\kxb14179\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-290740\Control Panel\Desktop\\Wallpaper -> C:\Users\pjb14193\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-290745\Control Panel\Desktop\\Wallpaper -> C:\Users\ypb14174\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-291804\Control Panel\Desktop\\Wallpaper -> C:\Users\nqb14204\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-306119\Control Panel\Desktop\\Wallpaper -> C:\Users\fmb15129\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-308922\Control Panel\Desktop\\Wallpaper -> C:\Users\dsb15163\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-309515\Control Panel\Desktop\\Wallpaper -> C:\Users\yhb15177\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-309686\Control Panel\Desktop\\Wallpaper -> C:\Users\njb15177\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-309722\Control Panel\Desktop\\Wallpaper -> C:\Users\ftb15170\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-309769\Control Panel\Desktop\\Wallpaper -> C:\Users\alb15170\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-309770\Control Panel\Desktop\\Wallpaper -> C:\Users\prb15172\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311333\Control Panel\Desktop\\Wallpaper -> C:\Users\mlb15170\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311373\Control Panel\Desktop\\Wallpaper -> C:\Users\ykb15169\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311383\Control Panel\Desktop\\Wallpaper -> C:\Users\isb15160\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311386\Control Panel\Desktop\\Wallpaper -> C:\Users\jrb15158\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311430\Control Panel\Desktop\\Wallpaper -> C:\Users\gvb15173\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311454\Control Panel\Desktop\\Wallpaper -> C:\Users\kwb15156\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-311804\Control Panel\Desktop\\Wallpaper -> C:\Users\seb15166\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-312624\Control Panel\Desktop\\Wallpaper -> C:\Users\seb15172\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-312625\Control Panel\Desktop\\Wallpaper -> C:\Users\mlb15179\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-312752\Control Panel\Desktop\\Wallpaper -> C:\Users\rqb15183\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-315469\Control Panel\Desktop\\Wallpaper -> C:\Users\wjb15207\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-328177\Control Panel\Desktop\\Wallpaper -> C:\Users\cxb16141\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-331566\Control Panel\Desktop\\Wallpaper -> C:\Users\ngb16161\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-333412\Control Panel\Desktop\\Wallpaper -> C:\Users\npb16169\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-333454\Control Panel\Desktop\\Wallpaper -> C:\Users\yxb16177\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-333457\Control Panel\Desktop\\Wallpaper -> C:\Users\tjb16173\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-333462\Control Panel\Desktop\\Wallpaper -> C:\Users\gwb16172\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-333465\Control Panel\Desktop\\Wallpaper -> C:\Users\kfb16185\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-333468\Control Panel\Desktop\\Wallpaper -> C:\Users\psb16199\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-334120\Control Panel\Desktop\\Wallpaper -> C:\Users\fsb16191\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-334602\Control Panel\Desktop\\Wallpaper -> C:\Users\npb16187\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-344859\Control Panel\Desktop\\Wallpaper -> C:\Users\vib17115\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-350956\Control Panel\Desktop\\Wallpaper -> C:\Users\prb17147\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-356235\Control Panel\Desktop\\Wallpaper -> C:\Users\xnb17192\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-36363\Control Panel\Desktop\\Wallpaper -> C:\Users\ppclass\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-61304\Control Panel\Desktop\\Wallpaper -> C:\Users\eas03104\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1060284298-1482476501-839522115-6965\Control Panel\Desktop\\Wallpaper -> C:\Users\cecs06\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1395167171-484323596-84503876-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dominion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1395167171-484323596-84503876-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Locald\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1395167171-484323596-84503876-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 130.159.248.50 - 130.159.228.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5409E406-ADA1-460D-80DB-BBA05A3CDC7E}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{77F65FE5-E4C5-436D-AE2E-E5C716AE89A8}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{57D5F2C4-D1C3-4564-8A86-00CA445709D1}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{BA0DDFBD-05CD-4E92-893E-9AD3937DCE85}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{74E2C56E-49A6-4BE0-8F4B-1829E521CDA8}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{555B6408-0A58-44B8-AC75-3749D802A7F9}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{939E6D48-C664-483A-B2EC-83D8F79B62F9}C:\program files\ndc\pharmacy\bin\sunrisepmr.exe] => (Allow) C:\program files\ndc\pharmacy\bin\sunrisepmr.exe
FirewallRules: [UDP Query User{F4D14CCD-321E-442A-97FC-BE3CFC3D42EA}C:\program files\ndc\pharmacy\bin\sunrisepmr.exe] => (Allow) C:\program files\ndc\pharmacy\bin\sunrisepmr.exe
FirewallRules: [TCP Query User{61ED0F8B-A7C2-47E1-8E5D-1601E41F1219}C:\program files\ndc\pharmacy\bin\sunrisepmr.exe] => (Allow) C:\program files\ndc\pharmacy\bin\sunrisepmr.exe
FirewallRules: [UDP Query User{C99C09E5-83F0-4198-9E14-3F1E06334704}C:\program files\ndc\pharmacy\bin\sunrisepmr.exe] => (Allow) C:\program files\ndc\pharmacy\bin\sunrisepmr.exe
FirewallRules: [TCP Query User{80DCFBC3-5CA8-4F94-AEC5-E94EE950BF6A}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [UDP Query User{ED849764-8C3C-4427-8654-CB6A82BA7D3A}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [{4396826D-F9C5-4671-9990-AE1AE32AA0C0}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{D39415F1-517D-4244-92D7-EB25E69E3122}C:\program files\ndc\pharmacy\bin\sunrisecentral.exe] => (Allow) C:\program files\ndc\pharmacy\bin\sunrisecentral.exe
FirewallRules: [UDP Query User{0240779D-9677-48DC-A6EE-8F74CAB39F05}C:\program files\ndc\pharmacy\bin\sunrisecentral.exe] => (Allow) C:\program files\ndc\pharmacy\bin\sunrisecentral.exe
FirewallRules: [{D3CE0F8D-3653-4375-9663-360F6920C303}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B64BB2EA-53BE-4928-9B69-9F15CFEA7A0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A165B5CA-4075-4D92-96C9-93087338A66E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe
FirewallRules: [{9797A1F7-6C7B-4C95-A6AA-C451CBFCA60A}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com
FirewallRules: [{E22E963D-00AD-453A-B3CA-6670C79ACCE6}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe
FirewallRules: [{16470F34-8537-4C6A-A80B-5FDC97E52F09}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe
FirewallRules: [{E64C6C5B-7079-4784-A330-6BE3D4A7B330}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com
FirewallRules: [{1F3BDA0E-2190-414C-9177-89DBD2EEE1CD}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe
FirewallRules: [{57BE8864-A1E7-46A7-BB31-6EB4BC5C8BB2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-11-2017 08:15:50 Scheduled Checkpoint
15-11-2017 05:00:23 Windows Update
27-11-2017 13:00:25 Scheduled Checkpoint
29-11-2017 05:00:11 Windows Update
04-12-2017 15:50:17 Malwarebytes Anti-Rootkit Restore Point
06-12-2017 15:42:18 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2017 03:47:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9a8

Start Time: 01d36ea938cdac80

Termination Time: 13

Application Path: C:\Users\pharmadmin\Desktop\FRST.exe

Report Id: b3ca946a-da9c-11e7-b9a2-a41f72781367

Error: (12/06/2017 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16f8

Start Time: 01d36ea917a127ed

Termination Time: 11

Application Path: C:\Users\pharmadmin\Desktop\FRST.exe

Report Id:

Error: (12/06/2017 03:42:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "U:\staff\sipb-it-temp\HitmanPro_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/06/2017 01:12:46 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/06/2017 10:38:26 AM) (Source: McLogEvent) (EventID: 259) (User: NT AUTHORITY)
Description: The file C:\USERS\PHARMADMIN\APPDATA\LOCAL\TEMP\setup.exe contains the RDN/Generic.hbg Trojan. Undetermined clean error, deleted successfully. Detected using Scan engine version 5900.7806 DAT version 8736.0000.

Error: (12/06/2017 12:32:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll".Error in manifest or policy file "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll" on line 19.
The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/06/2017 12:31:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe".Error in manifest or policy file "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe" on line 19.
The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (12/06/2017 01:12:21 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (12/06/2017 01:12:20 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (12/06/2017 01:12:21 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DS due to the following:
There are currently no logon servers available to service the logon request.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (12/05/2017 07:41:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/05/2017 03:36:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TechnicalSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/05/2017 03:36:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TechnicalSvc service to connect.

Error: (12/05/2017 03:11:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (12/05/2017 03:11:25 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DS due to the following:
There are currently no logon servers available to service the logon request.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (12/05/2017 12:28:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (12/05/2017 12:28:05 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DS due to the following:
There are currently no logon servers available to service the logon request.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 70%
Total physical RAM: 3496.08 MB
Available physical RAM: 1044.44 MB
Total Virtual: 6990.48 MB
Available Virtual: 4272.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:171.7 GB) NTFS
Drive u: () (Network) (Total:416.54 GB) (Free:193.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1C055900)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 




 


#2 Tenis

  • Malware Study Hall Senior

Posted 10 December 2017 - 10:15 AM

Hi strathuni,

 

My name is Tenis. I'll be assisting you with your problem.

 

A few notes before we get started:

  • I am currently in training and analyzing logs takes time. My replies need to be approved by an instructor, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

  • Please do not seek assistance elsewhere without letting me know.

  • Please do not run any malware removal tools unless directed.

  • Make sure to read my instructions fully before attempting a step.

  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed.

  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses

  • Backup your data! Malware removal can be tricky and can result in unpredictable behaviour including losing all your data!

  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs

---------

While I'm analyzing your log, please post a fresh log, as the current log is a week old.

 

Farbar's Recovery Scan Tool

  • Download FRST, choose your OS version, and save it to your desktop.
  • Right click on FRST.exe, select Run as administrator (Windows Vista, 7, 8, and 10 users).
  • Make sure Addition.txt is checked. Then press the Scan button.
  • Please copy and paste the contents of FRST.txt and Addition.txt in your reply.


#3 strathuni

  • Topic Starter
  • Members

Posted 11 December 2017 - 06:43 AM

Hi Tenis,

 

Thanks for the message.  It looks like we may have got some control back, the PCs have not been flagging up any issues since 6th December, think we have found the problem computer that was reinfecting the other PCs.  Perhaps we should just monitor the situation for now until we notice any other strange activity. 

 

Cheers



#4 Tenis

  • Malware Study Hall Senior

Posted 13 December 2017 - 05:18 PM

Hi strathuni,

 

It is good that you are not getting any issue right now.

 

I would like to tell you that one or more entries in your log may indicate that you are infected with Trickbot Banking Trojan.

I strongly recommend that you don't perform any banking activity on this system. If you do any banking or other financial transactions on this PC or if it should contain any other sensitive information, please get to a clean computer and change all passwords where applicable.

 

Please read more about Trickbot below.

https://www.scmagazineuk.com/trickbot-banking-trojan-a-significant-risk-to-financial-institutions/article/681263/

 

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

 

---------------------------

If you wish to continue with malware removal, please let me know and post a fresh FRST log.

 

-Tenis



#5 Machiavelli

  • Malware Response Instructor

Posted 16 December 2017 - 07:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
