
Phishing Scam redirect - Browsers Now Blocked from Running


  • This topic is locked
6 replies to this topic

#1 Tokentim


Posted 18 June 2018 - 06:25 AM

Thanks for looking at this, my first post. I have a Windows 7 Pro PC which I use for banking etc. I logged in today but was redirected to a portal that looked like my bank but turned out to be a scam site. My own bank texted me to alert that I had set up a new payee and that £4000 was attempting to be lifted from my account. Scanned with antivirus and found a trojan that was removed. Downloaded Hitman Pro Alert, and it too found issues. I can scan now and find no issues, but Hitman Pro Alert is blocking my browsers from opening as it is seeing a threat.

 

Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          7312
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  00460020006D0061 (unknown)               
4  00730065006C0069 (unknown)               
5  007A006F004D005C (unknown)               
6  0061006C006C0069 (unknown)               
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013F96D000-000000013F96E000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [7312]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
 
Please see the FRST logs below.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Alec (administrator) on DELL3040-PC (18-06-2018 12:01:02)
Running from C:\Users\Alec\Downloads
Loaded Profiles: Alec & MSSQL$SQLEXPRESS (Available Profiles: Alec & MSSQL$SQLEXPRESS)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(IRIS Group Ltd.) C:\IRIS\IRISIdService.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\NetBak.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\QVssService.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV23\sg50CtrlSvc_v23.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50CtrlSvc_v24.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV23\sg50svc_v23.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50svc_v24.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage UK Limited) C:\Program Files (x86)\Common Files\Sage\Shared\AutoUpdateManager\v2\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497880 2015-07-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-07-01] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-26] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKU\S-1-5-21-537663157-2847806574-2192009422-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8A3D9493-4C33-4043-9DFE-E53CF4638C02}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-537663157-2847806574-2192009422-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-537663157-2847806574-2192009422-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> DefaultScope {171A245D-FE7C-499D-A2B7-2B7D928DF1D1} URL = 
SearchScopes: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> {171A245D-FE7C-499D-A2B7-2B7D928DF1D1} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-31.1.6-6/support/ieatgpc1.cab
 
FireFox:
========
FF DefaultProfile: u9ipkni1.default
FF ProfilePath: C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\u9ipkni1.default [2018-06-18]
FF Homepage: Mozilla\Firefox\Profiles\u9ipkni1.default -> hxxps://www.google.co.uk
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Alec\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-05-06] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR Profile: C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Cisco Webex Extension) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR HKU\S-1-5-21-537663157-2847806574-2192009422-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-17] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-17] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4621448 2018-06-18] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-11] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 IRISIdService; C:\IRIS\IRISIdService.exe [39296 2017-10-10] (IRIS Group Ltd.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 QVssService; C:\Program Files\QNAP\NetBak\QVssService.exe [2203448 2017-02-20] (QNAP Systems, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-06-13] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Control v23; C:\Program Files (x86)\Sage\AccountsServiceV23\sg50CtrlSvc_v23.exe [2686464 2017-07-19] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Control v24; C:\Program Files (x86)\Sage\AccountsServiceV24\sg50CtrlSvc_v24.exe [2831872 2018-05-15] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-06-13] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v23; C:\Program Files (x86)\Sage\AccountsServiceV23\sg50svc_v23.exe [4209152 2017-07-19] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v24; C:\Program Files (x86)\Sage\AccountsServiceV24\sg50svc_v24.exe [4794368 2018-05-15] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2015-08-24] (Microsoft) [File not signed]
R2 Sage AutoUpdate Manager Service v2; C:\Program Files (x86)\Common Files\Sage\Shared\AutoUpdateManager\v2\Sage.Central.AutoUpdateManager.Service.exe [8192 2017-10-12] (Sage UK Limited) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [43008 2017-06-30] (Sage (UK) Limited) [File not signed]
S2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-26] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-10] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [298232 2018-06-18] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [92712 2018-06-18] (SurfRight B.V.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31712 2015-11-24] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2542296 2015-07-11] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-06-18] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsld7a28e37; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0C81918-DF56-45A3-A206-926E2350D184}\MpKsld7a28e37.sys [58120 2018-06-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S1 oodzfkni; \??\C:\Windows\system32\drivers\oodzfkni.sys [X]
R3 QDrive; \??\C:\Users\Alec\AppData\Local\Temp\QDrive.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-18 12:01 - 2018-06-18 12:01 - 000018827 _____ C:\Users\Alec\Downloads\FRST.txt
2018-06-18 12:00 - 2018-06-18 12:01 - 000000000 ____D C:\FRST
2018-06-18 11:59 - 2018-06-18 11:59 - 002413056 _____ (Farbar) C:\Users\Alec\Downloads\FRST64.exe
2018-06-18 11:32 - 2018-06-18 11:32 - 000012134 _____ C:\Users\Alec\Desktop\hijackthis.txt
2018-06-18 11:09 - 2018-06-18 11:09 - 000388608 _____ (Trend Micro Inc.) C:\Users\Alec\Downloads\HijackThis.exe
2018-06-18 11:07 - 2018-06-18 11:55 - 000000000 ____D C:\Users\Alec\AppData\LocalLow\Mozilla
2018-06-18 11:07 - 2018-06-18 11:07 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-18 11:07 - 2018-06-18 11:07 - 000000926 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-18 11:07 - 2018-06-18 11:07 - 000000000 ____D C:\Users\Alec\AppData\Local\Mozilla
2018-06-18 11:07 - 2018-06-18 11:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-18 11:07 - 2018-06-18 11:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-18 11:05 - 2018-06-18 11:05 - 000313568 _____ (Mozilla) C:\Users\Alec\Desktop\Firefox Installer.exe
2018-06-18 10:30 - 2018-06-18 10:30 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2018-06-18 10:26 - 2018-06-18 12:00 - 000000000 ____D C:\Windows\CryptoGuard
2018-06-18 10:26 - 2018-06-18 10:56 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2018-06-18 10:26 - 2018-06-18 10:55 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-18 10:26 - 2018-06-18 10:26 - 001281160 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2018-06-18 10:26 - 2018-06-18 10:26 - 000868488 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2018-06-18 10:26 - 2018-06-18 10:26 - 000298232 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2018-06-18 10:26 - 2018-06-18 10:26 - 000092712 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpnet.sys
2018-06-18 10:26 - 2018-06-18 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2018-06-18 10:26 - 2018-06-18 10:26 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2018-06-18 10:20 - 2018-06-18 10:20 - 004621448 _____ (SurfRight B.V.) C:\Users\Alec\Downloads\hmpalert3.exe
2018-06-18 10:10 - 2018-06-18 10:12 - 000000000 ____D C:\AdwCleaner
2018-06-18 10:10 - 2018-06-18 10:10 - 007372496 _____ (Malwarebytes) C:\Users\Alec\Downloads\adwcleaner_7.2.0.exe
2018-06-14 16:37 - 2018-06-14 16:37 - 000173568 _____ C:\Users\Alec\Desktop\FOR ALECK 17-18.xls
2018-06-13 19:57 - 2018-06-15 20:27 - 000000000 ____D C:\Users\Alec\AppData\Local\KTTmp
2018-06-13 12:55 - 2018-06-13 12:55 - 000003575 _____ C:\Users\Alec\Downloads\INV-04490105 (1).zip
2018-06-13 12:53 - 2018-06-13 12:53 - 000003575 _____ C:\Users\Alec\Downloads\INV-04490105.zip
2018-06-13 08:25 - 2018-06-13 08:25 - 000007419 _____ C:\Users\Alec\Downloads\top_fp (1).html
2018-06-12 20:38 - 2018-05-29 21:36 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-12 20:38 - 2018-05-29 20:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-12 20:38 - 2018-05-29 03:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-06-12 20:38 - 2018-05-29 03:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-12 20:38 - 2018-05-29 03:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-12 20:38 - 2018-05-29 03:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-12 20:38 - 2018-05-29 03:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-12 20:38 - 2018-05-29 03:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-12 20:38 - 2018-05-29 03:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-12 20:38 - 2018-05-29 03:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-12 20:38 - 2018-05-29 03:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 03:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-12 20:38 - 2018-05-29 03:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-12 20:38 - 2018-05-29 03:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-12 20:38 - 2018-05-29 03:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-12 20:38 - 2018-05-29 03:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-12 20:38 - 2018-05-29 02:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-06-12 20:38 - 2018-05-29 02:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-12 20:38 - 2018-05-29 02:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-12 20:38 - 2018-05-29 02:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-12 20:38 - 2018-05-29 02:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-12 20:38 - 2018-05-29 02:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-12 20:38 - 2018-05-29 02:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-12 20:38 - 2018-05-29 02:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-12 20:38 - 2018-05-29 02:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 02:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 02:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 02:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-12 20:38 - 2018-05-29 02:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-12 20:38 - 2018-05-29 02:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-12 20:38 - 2018-05-29 02:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-12 20:38 - 2018-05-29 02:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-12 20:38 - 2018-05-29 02:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-12 20:38 - 2018-05-29 01:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-12 20:38 - 2018-05-25 06:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-12 20:38 - 2018-05-25 05:59 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-12 20:38 - 2018-05-25 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-12 20:38 - 2018-05-25 05:46 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-12 20:38 - 2018-05-25 05:45 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-12 20:38 - 2018-05-25 05:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-12 20:38 - 2018-05-25 05:44 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-12 20:38 - 2018-05-25 05:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-12 20:38 - 2018-05-25 05:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-12 20:38 - 2018-05-25 05:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-12 20:38 - 2018-05-25 05:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-12 20:38 - 2018-05-25 05:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-12 20:38 - 2018-05-25 05:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-12 20:38 - 2018-05-25 05:33 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-12 20:38 - 2018-05-25 05:32 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-12 20:38 - 2018-05-25 05:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-12 20:38 - 2018-05-25 05:32 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-12 20:38 - 2018-05-25 05:32 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-12 20:38 - 2018-05-25 05:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-06-12 20:38 - 2018-05-25 05:24 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-12 20:38 - 2018-05-25 05:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-12 20:38 - 2018-05-25 05:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-12 20:38 - 2018-05-25 05:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-06-12 20:38 - 2018-05-25 05:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-06-12 20:38 - 2018-05-25 05:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-06-12 20:38 - 2018-05-25 05:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-12 20:38 - 2018-05-25 05:14 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-12 20:38 - 2018-05-25 05:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-06-12 20:38 - 2018-05-25 05:13 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-12 20:38 - 2018-05-25 05:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-12 20:38 - 2018-05-25 05:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-12 20:38 - 2018-05-25 05:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-12 20:38 - 2018-05-25 05:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-06-12 20:38 - 2018-05-25 05:08 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-12 20:38 - 2018-05-25 05:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-06-12 20:38 - 2018-05-25 05:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-06-12 20:38 - 2018-05-25 05:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-12 20:38 - 2018-05-25 05:06 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-12 20:38 - 2018-05-25 05:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-12 20:38 - 2018-05-25 05:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-06-12 20:38 - 2018-05-25 04:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-06-12 20:38 - 2018-05-25 04:57 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-12 20:38 - 2018-05-25 04:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-12 20:38 - 2018-05-25 04:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-12 20:38 - 2018-05-25 04:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-12 20:38 - 2018-05-25 04:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-12 20:38 - 2018-05-25 04:53 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-12 20:38 - 2018-05-25 04:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-06-12 20:38 - 2018-05-25 04:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-06-12 20:38 - 2018-05-25 04:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-06-12 20:38 - 2018-05-25 04:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-06-12 20:38 - 2018-05-25 04:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-12 20:38 - 2018-05-25 04:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-06-12 20:38 - 2018-05-25 04:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-06-12 20:38 - 2018-05-25 04:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-12 20:38 - 2018-05-25 04:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-12 20:38 - 2018-05-25 04:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-12 20:38 - 2018-05-25 04:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-12 20:38 - 2018-05-25 04:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-12 20:38 - 2018-05-25 04:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-12 20:38 - 2018-05-25 04:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-06-12 20:38 - 2018-05-25 04:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-12 20:38 - 2018-05-25 04:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-12 20:38 - 2018-05-25 04:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-12 20:38 - 2018-05-25 04:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-12 20:38 - 2018-05-25 04:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-12 20:38 - 2018-05-15 05:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-12 20:38 - 2018-05-15 04:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-12 20:38 - 2018-05-15 04:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-12 20:38 - 2018-05-15 04:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-12 20:38 - 2018-05-15 04:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-12 20:38 - 2018-05-15 04:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-12 20:38 - 2018-05-15 04:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-12 20:38 - 2018-05-15 04:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-12 20:38 - 2018-05-15 04:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-12 20:38 - 2018-05-15 04:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-12 20:38 - 2018-05-15 04:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-12 20:38 - 2018-05-15 04:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-12 20:38 - 2018-05-15 04:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-12 20:38 - 2018-05-15 02:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-12 20:38 - 2018-05-15 02:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-12 20:38 - 2018-05-12 03:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-12 20:38 - 2018-05-12 03:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-12 20:38 - 2018-05-12 03:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-12 20:38 - 2018-05-11 22:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-12 20:38 - 2018-05-11 22:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-12 20:38 - 2018-05-11 22:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-12 20:38 - 2018-05-11 01:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-12 20:38 - 2018-05-11 01:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-12 20:38 - 2018-05-11 01:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-12 20:38 - 2018-04-06 17:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-12 20:38 - 2018-04-06 17:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-08 12:33 - 2018-06-08 12:33 - 000231760 _____ C:\Users\Alec\Downloads\CrucialUKScan.exe
2018-06-07 10:55 - 2018-06-07 10:55 - 022989408 _____ (Sage (UK) Limited) C:\Users\Alec\Downloads\PayrollBackgroundUpdate24.1.103.exe
2018-06-05 20:31 - 2018-06-05 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-05 19:38 - 2018-06-05 19:38 - 000002226 _____ C:\Users\Alec\Desktop\Weekly - Shortcut.lnk
2018-06-04 15:57 - 2018-06-04 16:06 - 000002439 _____ C:\Users\Public\Desktop\Sage 50 Accounts v24.lnk
2018-06-04 15:46 - 2018-06-04 15:49 - 423726696 _____ (Sage (UK) Limited) C:\Users\Alec\Downloads\Sage50Accounts_V24.exe
2018-06-04 11:18 - 2018-06-04 11:18 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-06-04 11:18 - 2018-06-04 11:18 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-06-04 11:18 - 2018-06-04 11:18 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-06-04 11:18 - 2018-06-04 11:18 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-29 09:36 - 2018-05-29 09:44 - 000011056 _____ C:\Users\Alec\Desktop\Backdated Contributions.xlsx
2018-05-29 08:28 - 2018-05-29 08:28 - 000104477 _____ C:\Users\Alec\Downloads\MyVodafoneBill_2018-05-24.pdf
2018-05-24 16:32 - 2018-05-24 16:35 - 425566024 _____ (Sage (UK) Limited) C:\Users\Alec\Downloads\PayrollSetup.exe
2018-05-24 16:15 - 2018-05-24 16:15 - 001447320 _____ (Microsoft Corporation) C:\Users\Alec\Downloads\NDP472-KB4054531-Web.exe
2018-05-24 15:19 - 2018-05-24 15:26 - 000000640 _____ C:\Windows\SysWOW64\SGLCH32.USR
2018-05-22 20:59 - 2018-05-22 20:59 - 003044809 _____ C:\Users\Alec\Desktop\James Henderson Year End March 2018.001
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-18 11:45 - 2016-08-17 08:40 - 000000528 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-537663157-2847806574-2192009422-1000.job
2018-06-18 11:25 - 2018-01-17 23:15 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-18 11:07 - 2016-05-06 13:20 - 000000000 ____D C:\Users\Alec\AppData\Roaming\Mozilla
2018-06-18 11:05 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-18 11:05 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-18 11:04 - 2016-03-09 22:44 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-06-18 11:00 - 2009-07-14 06:13 - 000908914 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-18 11:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-06-18 10:56 - 2018-01-17 23:15 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-18 10:56 - 2016-05-03 22:08 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-18 10:56 - 2016-05-03 22:08 - 000000000 __SHD C:\Users\Alec\IntelGraphicsProfiles
2018-06-18 10:56 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-18 10:46 - 2016-05-07 19:20 - 000000000 ____D C:\Users\Alec\AppData\Local\CrashDumps
2018-06-18 10:33 - 2016-08-17 08:40 - 000000624 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-537663157-2847806574-2192009422-1000.job
2018-06-18 10:32 - 2016-05-06 00:04 - 000000000 ____D C:\Users\Alec\Documents\Outlook Files
2018-06-18 10:13 - 2016-11-19 15:56 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-06-18 08:19 - 2016-10-05 23:20 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D72969C1-D11F-4796-9B39-26AD0F2CB1F7}
2018-06-15 20:26 - 2017-04-18 21:40 - 000005306 _____ C:\Users\Alec\AppData\Local\temp.xml
2018-06-13 19:53 - 2017-04-14 13:44 - 000000000 ____D C:\Program Files (x86)\Keytime
2018-06-13 19:52 - 2016-05-05 17:42 - 000000000 ____D C:\Users\Alec\AppData\Local\Downloaded Installations
2018-06-13 13:32 - 2017-02-01 02:06 - 000000000 ____D C:\Windows\rescache
2018-06-12 22:41 - 2016-05-03 23:29 - 000000000 ____D C:\Windows\system32\MRT
2018-06-12 22:40 - 2017-10-12 03:03 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-12 22:39 - 2016-05-03 23:29 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-12 22:37 - 2016-05-03 22:08 - 000000000 ____D C:\Users\Alec
2018-06-12 19:14 - 2016-05-04 01:26 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 19:14 - 2016-05-04 01:26 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-11 11:09 - 2016-05-12 16:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-06-11 09:45 - 2017-07-08 06:47 - 000000000 ____D C:\Users\Alec\AppData\Local\GoToMeeting
2018-06-11 08:15 - 2016-08-17 08:40 - 000003654 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-537663157-2847806574-2192009422-1000
2018-06-11 08:15 - 2016-08-17 08:40 - 000003558 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-537663157-2847806574-2192009422-1000
2018-06-08 08:47 - 2016-03-09 22:36 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-08 08:47 - 2016-03-09 22:36 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-08 08:47 - 2016-03-09 22:36 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-08 08:47 - 2016-03-09 22:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-08 08:47 - 2016-03-09 22:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-07 10:56 - 2016-05-05 11:51 - 000000000 ____D C:\Program Files (x86)\Sage Payroll
2018-06-07 10:45 - 2016-05-06 13:20 - 000000000 ____D C:\Users\Alec\AppData\LocalLow\WebEx
2018-06-07 10:45 - 2016-05-06 13:20 - 000000000 ____D C:\ProgramData\WebEx
2018-06-05 20:31 - 2018-01-17 23:15 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-04 16:09 - 2016-05-05 11:51 - 000000547 _____ C:\Windows\ODBC.INI
2018-06-04 16:09 - 2016-05-03 22:19 - 000000840 _____ C:\Windows\ODBCINST.INI
2018-06-04 16:06 - 2016-05-05 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts
2018-06-04 16:01 - 2016-03-09 22:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-04 15:55 - 2017-01-24 17:33 - 000004154 _____ C:\Windows\System32\Tasks\Sage.Global.Services.OverDrive.Core#Housekeeping
2018-06-04 15:55 - 2016-05-05 12:00 - 000000000 ____D C:\SageBackups
2018-06-04 15:52 - 2016-05-05 11:59 - 000000000 ____D C:\Program Files (x86)\Sage
2018-06-01 08:31 - 2016-05-09 10:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-05-24 16:52 - 2016-05-12 16:45 - 000000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2018-05-24 16:52 - 2016-05-12 16:45 - 000000961 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2018-05-24 16:37 - 2016-05-06 09:26 - 000000060 _____ C:\Windows\Payroll.ini
2018-05-24 16:37 - 2016-05-05 11:51 - 000000000 ____D C:\ProgramData\Sage
2018-05-24 16:37 - 2016-03-09 22:38 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-24 16:17 - 2011-02-10 15:33 - 000879326 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-24 15:21 - 2016-06-10 11:06 - 000000000 ____D C:\Users\Alec\AppData\Roaming\webex
2018-05-22 11:34 - 2018-05-14 12:18 - 000052500 _____ C:\Users\Alec\Desktop\AK Feb-April.xlsx
2018-05-19 03:20 - 2018-01-17 23:15 - 000003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-19 03:20 - 2018-01-17 23:15 - 000003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2016-05-06 00:28 - 2016-05-06 00:53 - 000038413 _____ () C:\Users\Alec\AppData\Roaming\Comma Separated Values (Windows).ADR
2016-06-17 07:53 - 2016-06-17 07:53 - 000000287 _____ () C:\Users\Alec\AppData\Roaming\connection.png
2016-06-17 07:53 - 2016-06-17 07:53 - 000001164 _____ () C:\Users\Alec\AppData\Roaming\default.float.class.xml
2016-06-17 07:53 - 2016-06-17 07:53 - 000000027 _____ () C:\Users\Alec\AppData\Roaming\GMT+9
2017-06-06 11:11 - 2017-06-06 11:11 - 018227200 _____ (Keytime Systems) C:\Users\Alec\AppData\Roaming\KeytimeFinalAccounts.exe
2016-12-20 15:06 - 2016-12-20 15:06 - 000292957 _____ () C:\Users\Alec\AppData\Roaming\Urodele.mX
2017-05-05 09:03 - 2017-05-05 09:03 - 000000096 _____ () C:\Users\Alec\AppData\Local\accper.dat
2017-05-05 09:03 - 2017-05-05 09:03 - 000000013 _____ () C:\Users\Alec\AppData\Local\LAUNCHSUBST.BAT
2017-04-14 13:56 - 2017-07-05 16:38 - 000055572 _____ () C:\Users\Alec\AppData\Local\LicenceDownload.rtf
2017-05-05 09:03 - 2017-05-05 09:03 - 000001020 _____ () C:\Users\Alec\AppData\Local\otass.out
2015-04-07 09:07 - 2015-04-07 09:07 - 003145728 _____ () C:\Users\Alec\AppData\Local\PSCTPrintDetails.mdb
2015-08-13 10:25 - 2018-03-08 18:36 - 005373952 _____ () C:\Users\Alec\AppData\Local\PSCTPrintDetailsV3.mdb
2017-04-18 21:40 - 2018-06-15 20:26 - 000005306 _____ () C:\Users\Alec\AppData\Local\temp.xml
 
Some files in TEMP:
====================
2018-06-18 10:26 - 2018-06-18 11:41 - 011609024 _____ (SurfRight B.V.) C:\Users\Alec\AppData\Local\Temp\HitmanPro_x64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-07 13:12
 
==================== End of FRST.txt ============================
 
Additional Logs
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Alec (18-06-2018 12:01:27)
Running from C:\Users\Alec\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-05-03 21:08:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-537663157-2847806574-2192009422-500 - Administrator - Disabled)
Alec (S-1-5-21-537663157-2847806574-2192009422-1000 - Administrator - Enabled) => C:\Users\Alec
Guest (S-1-5-21-537663157-2847806574-2192009422-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon iX6800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6800_series) (Version:  - Canon Inc.)
Canon iX6800 series User Registration (HKLM-x32\...\Canon iX6800 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.1.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DYMO Label Software (HKLM-x32\...\DYMO Label Software) (Version:  - )
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-537663157-2847806574-2192009422-1000\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.6.739 - SurfRight B.V.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.2.42 - Intel Corporation)
Internet Submissions (HKLM-x32\...\{241179CA-4600-4B6E-8860-9E0F921BE600}) (Version: 4.0.0.0 - Sage (UK) Ltd)
Keytime Suite 2016 (HKLM-x32\...\{2BE43FC0-C53F-41F3-8952-124EF58428CE}) (Version: 210.16.0000 - Keytime Objective)
Keytime Suite 2017 (HKLM-x32\...\{A96C3B9E-3E7E-43ED-AAA8-FB6F65CA937C}) (Version: 210.17.0003 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{10F39D3A-6EF4-4F31-998E-ED90B48F0B7E}) (Version: 210.17.0015 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{4D0579C5-6288-421A-9488-4088F975641D}) (Version: 210.17.0025 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{848F669E-2B9C-43DC-9088-46B114917B18}) (Version: 210.17.0022 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{8E291B36-7E77-4364-8F8A-4BCC3A46D351}) (Version: 210.17.0016 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{91004136-365D-43CF-97F9-3DDD712A3DBB}) (Version: 210.17.0007 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{94A0F145-7C56-4160-83CA-896F8F7E3EAC}) (Version: 210.17.0013 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{D22D39F0-4CBF-49B4-BA8D-8AACADE331F8}) (Version: 210.17.0027 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{D4900AD5-6881-4BA9-9452-78E41CA8997E}) (Version: 210.17.0017 - Keytime Objective)
Keytime Suite 2017 Update (HKLM-x32\...\{DF1A0CC8-8C14-45F9-930B-FBFBAF2D0702}) (Version: 210.17.0021 - Keytime Objective)
Keytime Suite 2018 (HKLM-x32\...\{6202A365-4732-46F4-A7F0-82AB2B11511D}) (Version: 210.18.010 - Keytime Objective)
Keytime Suite 2018 Update (HKLM-x32\...\{20D7D248-60D6-4590-8E2C-14DC8A218D57}) (Version: 210.18.0011 - Keytime Objective)
Keytime Suite 2018 Update (HKLM-x32\...\{EAEEA3E1-DD20-4769-8A91-6EDCCA35FEA6}) (Version: 210.18.0024 - Keytime Objective)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6331.1 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-GB)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Payroll for Windows (HKLM-x32\...\{0478E3E6-9EBC-4AE6-A678-2D7918ECF523}) (Version: 22.04 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{1871BF81-07C1-45C8-B076-46F04E3378E8}) (Version: 23.02 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{36FCF533-C372-4BC2-9F89-2959462D37AD}) (Version: 22.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{38F5A8E8-B095-4E0D-86F1-278A95960929}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{3A4DC42C-BC6E-4F16-828B-9B8B50C38248}) (Version: 24.01 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{401B343A-5167-41FF-BD56-D0176EE467B7}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{451F0344-EAB7-4C4A-B58A-98D7E13FF6DE}) (Version: 22.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{67D219B9-E6A3-45B4-B486-946227553F3B}) (Version: 22.04 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{83D568DD-D02D-44D0-B7FB-E31F550E81DB}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{86B8D2D3-88A8-4AE8-ABF9-560B75BF9934}) (Version: 22.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{8CB92BB7-902C-4C14-8838-AF93343B38C0}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{8DB28140-6E17-4137-BA40-F44E5C39B0F8}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{90AEB775-7616-4827-A387-D320CDCFACE9}) (Version: 23.02 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{91691CC6-BF92-44B5-BD01-4BB488A6C06D}) (Version: 23.02 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{9A6ADB29-DD37-4A6E-9126-D0603164B4BA}) (Version: 24.01 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{9DA2FF25-A39C-4914-86C7-08C08DC893A6}) (Version: 22.04 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{A41EB9E9-CD2C-4508-A8F6-756352FF4F2A}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{A52FD783-1121-4435-B218-9D744059FDA8}) (Version: 24.01 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{A54EC5AD-1D2D-4EF4-9D63-588F504AE7F8}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{A6C0F932-43C4-404F-8748-90682CE7DE2A}) (Version: 22.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{B30178D6-2955-4D2C-8F37-9C91AAD6B778}) (Version: 20.01 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{B537827E-BB83-4CC7-A0A3-0E7191300AE1}) (Version: 23.02 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{B8E6B217-E4B3-4C96-906F-555E9CE2257E}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{C71D12E5-1C0E-4B0F-A089-EA7038356733}) (Version: 23.02 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{C773E3B5-D3AE-4C9F-ACB8-B1E5AA3A6D2C}) (Version: 24.01 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{D29BA226-72CF-4A9C-AB10-144F0039BAD8}) (Version: 22.04 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{D5ACD8FE-4063-412B-8B7C-33820856D127}) (Version: 24.01 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{E3E26B45-6CD7-4142-9630-A103D7161982}) (Version: 22.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{E5CBEEC6-B6AC-4855-8C8A-E8369973A9CF}) (Version: 22.04 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{EC98615F-E59D-4842-B1C5-AFCA9C78EB35}) (Version: 23.00 - Sage (UK) Limited) Hidden
Payroll for Windows (HKLM-x32\...\{EE706708-386A-488D-BB66-F7588F7BC5D8}) (Version: 23.00 - Sage (UK) Limited) Hidden
PTP Accounts (HKLM-x32\...\{C6BADF82-FFFA-4B75-AD8C-D334AC4C7970}) (Version: 17.3.0.1062 - IRIS Software Ltd)
QNAP NetBak Replicator (HKLM-x32\...\NetBak) (Version: 4.5.3.0220 - QNAP Systems, Inc.)
QNAP Qfinder Pro (HKLM-x32\...\QNAP_FINDER) (Version: 5.2.1.1224 - QNAP Systems, Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6076 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Sage 50 Accounts (HKLM-x32\...\{75da8592-b395-4d98-8196-3be12aacc384}) (Version: 24.0.68.0 - Sage (UK) Ltd.)
Sage 50 Accounts (HKLM-x32\...\{7ECBAB60-486B-4CE6-A727-05B0149B3DDC}) (Version: 24.2.228.0 - Sage (UK) Ltd) Hidden
Sage 50 Accounts (HKLM-x32\...\{984d9724-7dcd-4296-8463-cf2cceab0a15}) (Version: 23.0.3.140 - Sage (UK) Ltd.) Hidden
Sage 50 Accounts (HKLM-x32\...\{d41078c1-5f86-44f1-a447-0c365a84e5fe}) (Version: 24.2.228.0 - Sage (UK) Ltd.)
Sage 50 Accounts Data Access Components (HKLM-x32\...\{D59AB1C7-AE84-44BF-AF19-EFCFA87D6DD1}) (Version: 24.2.228.0 - Sage (UK) Ltd) Hidden
Sage 50 Accounts ODBC 64 bit (HKLM\...\{2F117DD5-6206-436D-8154-94CF4A44F3A7}) (Version: 24.2.228.0 - Sage (UK) Ltd) Hidden
Sage 50 Accounts Report Pack (HKLM-x32\...\{48BD7141-1008-4FFF-952B-4B3D99A76175}) (Version: 24.2.228.0 - Sage (UK) Ltd) Hidden
Sage 50 Accounts v23 (HKLM-x32\...\{299DBA1C-5CDF-4CC8-A3FD-5817D57A2BEE}) (Version: 23.0.3.140 - Sage (UK) Ltd)
Sage 50 Payroll (HKLM-x32\...\{043FD1D6-9E71-4FE8-8727-C4290B8312EA}) (Version: 24.01 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{27652A4B-113E-4856-A8ED-EE5E553A2A8F}) (Version: 20.01 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{30025878-6AB7-49BD-9B5A-9636C6FCBD3D}) (Version: 23.02 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{414917A1-473F-4BEF-B8DA-52EB5B9A95E2}) (Version: 23.00 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{5A155B37-8B9A-4D9F-A407-41779147743A}) (Version: 24.01 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{5E1BA59F-3041-4B14-B083-C31DA9C5A4F8}) (Version: 23.00 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{B2BDC428-2229-430F-BC4F-BDDE1CCFC365}) (Version: 22.04 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{FC8660DC-A563-4878-A33C-F7F2F1719FD6}) (Version: 22.00 - Sage (UK) Ltd.)
Sage Data Exchange (HKLM-x32\...\{8FC1714D-E15D-446E-AF21-50FC06E4EA1F}) (Version: 1.0.0.0 - Sage) Hidden
Sage Data Exchange (HKLM-x32\...\{D5DF25E1-DB67-4311-BFEB-ECF806DD87FE}) (Version: 1.0.0.0 - Sage) Hidden
Sage Data Exchange Excel Connectivity Adapter (HKLM-x32\...\{2AB2EC65-05BA-456E-A638-075826517AEC}) (Version: 1.0.0.0 - Sage) Hidden
Sage Data Exchange Excel Connectivity Adapter (HKLM-x32\...\{E57D18B4-C757-4AD8-B82A-323BA4C4DF6C}) (Version: 1.0.0.0 - Sage) Hidden
Sage50AccountsV23ReportDesigner (HKLM-x32\...\{A2F33449-F0CF-452C-AB2F-6DF6FFAA6BA1}) (Version: 23.2.4.278 - Sage (UK) Ltd) Hidden
SBDDesktopUpdateInstaller (HKLM-x32\...\{DD16B9AD-FEE2-405D-9E4C-62D44042C422}) (Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (HKLM-x32\...\{FE71361E-8B8F-4A1B-8D4D-B00C7A082428}) (Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.93231 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-537663157-2847806574-2192009422-1000_Classes\CLSID\{0358B920-0AC7-461F-98F4-58E32CD89148}\InprocServer32 -> C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Thrnfo\Magicen.dll ()
CustomCLSID: HKU\S-1-5-21-537663157-2847806574-2192009422-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Alec\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-05-28] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-05-28] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-09-11] (Intel Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-05-28] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03116D25-552A-4B35-8FB5-B37193C04531} - System32\Tasks\Backup Maintenance - IRIS => C:\IRIS\Iris.ScheduleTasks.bat [Argument = RENAME]
Task: {07419A89-E711-4E10-8EAC-4D216A2B10FC} - System32\Tasks\Backup Database - IRIS => C:\IRIS\Iris.ScheduleTasks.bat [Argument = BACKUP]
Task: {0E245E91-362E-4AE6-B405-6436A2998F88} - System32\Tasks\G2MUploadTask-S-1-5-21-537663157-2847806574-2192009422-1000 => C:\Users\Alec\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-11] (LogMeIn, Inc.)
Task: {105AC6ED-7C1E-465B-A438-F9D514018FE4} - System32\Tasks\Sage.Global.Services.OverDrive.Core#Housekeeping => C:\Program Files (x86)\Common Files\Sage Data Exchange\Sage.Data.Exchange.Client.exe [2017-11-08] ()
Task: {119292BF-F6DC-487D-8C6E-3C42EDAA2A45} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-12-24] ()
Task: {2E37B114-C5F7-4230-89F1-566D6AEA40A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-17] (Dropbox, Inc.)
Task: {64FFDC81-2DF8-4CE1-9707-5964B9D17103} - System32\Tasks\Rebuild Index - IRIS => C:\IRIS\Iris.ScheduleTasks.bat [Argument = REINDEX]
Task: {6B4E5990-574F-43FB-A816-7ECBF90087D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {715EA479-0A9A-4108-B524-1010F3D809FF} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-01] (Realtek Semiconductor)
Task: {80189B15-4DF6-400C-A5FE-C942707CE4C5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-17] (Dropbox, Inc.)
Task: {A753A5CF-3727-4DFC-ACC3-F3ED36D7B5A7} - System32\Tasks\G2MUpdateTask-S-1-5-21-537663157-2847806574-2192009422-1000 => C:\Users\Alec\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-11] (LogMeIn, Inc.)
Task: {AA3A8694-4817-4493-8A1F-ECC6AD1E07B1} - System32\Tasks\{A0BB4959-0FCF-451A-8CE3-3DDF701CF81E} => D:\setup.exe
Task: {BB5FE7DB-0564-4B15-B6C0-14C8396CCEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C2F754B0-8E2D-4EE3-8D19-B068989B4608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {D1D6B2C0-F858-4F4D-AE7E-E94B48F1F9A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {DEC34291-264D-4DB7-9FD7-B0D7E8B425E7} - System32\Tasks\NetBak-Dell3040-PC-Alec-AutoStartup => C:\Program Files\QNAP\NetBak\NetBak.exe [2017-02-20] (QNAP Systems, Inc.)
Task: {FF972EE0-17C8-4F59-A15C-C8D970EBBAF4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-537663157-2847806574-2192009422-1000.job => C:\Users\Alec\AppData\Local\GoToMeeting\8953\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-537663157-2847806574-2192009422-1000.job => C:\Users\Alec\AppData\Local\GoToMeeting\8953\g2mupload.exe
Task: C:\Windows\Tasks\NetBak-Dell3040-PC-Alec-Job1.job => C:\Program Files\QNAP\NetBak\NetBak.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-05-09 14:29 - 2018-06-15 08:25 - 000248560 _____ () C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Thrnfo\Magicen.dll
2016-05-09 10:54 - 2013-06-28 15:28 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-05-05 13:55 - 2015-12-24 05:29 - 001739952 _____ () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2017-02-20 12:10 - 2017-02-20 12:10 - 000142136 _____ () C:\Program Files\QNAP\NetBak\RdiffDll.dll
2016-03-10 07:07 - 2015-09-11 07:25 - 000405416 _____ () C:\Windows\system32\igfxTray.exe
2016-05-09 10:57 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-06-05 20:31 - 2018-06-04 11:18 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-06-05 20:31 - 2018-06-04 11:18 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-14 23:46 - 2018-06-04 11:21 - 000106816 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000042312 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000700736 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-06-05 20:30 - 2018-06-04 11:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000137032 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-06-05 20:30 - 2018-06-04 11:19 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-06-05 20:30 - 2018-06-04 11:19 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000123200 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-01-17 23:17 - 2018-06-04 11:20 - 000112448 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000031040 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000399168 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-05-14 23:46 - 2018-06-04 11:21 - 000049984 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000027456 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000131392 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000120648 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000182080 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000036672 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000032576 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000055104 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000064320 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-06-05 20:30 - 2018-06-04 11:19 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-06-05 20:30 - 2018-06-04 11:19 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000152384 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-17 23:17 - 2018-06-04 11:20 - 000091448 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000035136 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-01-17 23:17 - 2018-06-04 11:21 - 000067392 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000030528 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000355648 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-05-14 23:46 - 2018-06-04 11:21 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-06-05 20:31 - 2018-06-04 11:18 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-05-14 23:46 - 2018-06-04 11:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-14 23:46 - 2018-06-04 11:21 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-06-05 20:31 - 2018-06-04 11:19 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-06-05 20:31 - 2018-06-04 11:19 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-14 23:46 - 2018-06-04 11:21 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-06-05 20:31 - 2018-06-04 11:20 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-08-13 16:21 - 2016-06-13 09:17 - 001382048 ____N () C:\Program Files (x86)\Sage\AccountsServiceV22\cpprest100_1_2.dll
2015-09-04 20:34 - 2015-09-04 20:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-05 17:17 - 2015-12-18 23:52 - 001607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2016-03-09 22:44 - 2012-11-25 22:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2016-03-09 22:44 - 2014-02-18 14:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1035 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1080 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:835 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:876 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:974 [0]
AlternateDataStreams: C:\Users\Alec\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Alec\Documents\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2018-06-18 11:14 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-537663157-2847806574-2192009422-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk => C:\Windows\pss\Lotus Organizer EasyClip.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus QuickStart.lnk => C:\Windows\pss\Lotus QuickStart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk => C:\Windows\pss\Lotus SmartCenter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SuiteStart.lnk => C:\Windows\pss\Lotus SuiteStart.lnk.CommonStartup
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WavesSvc => "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5DB49A4D-ED22-462E-AC8E-65B4961BE162}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E34E015C-7C25-4EC0-AC8C-C37418C26A5A}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
FirewallRules: [{9D062186-1ECC-4DEB-B6F6-A4BFE72DBAC7}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
FirewallRules: [TCP Query User{8642B033-F14D-4320-BBC7-95523F260C2A}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [UDP Query User{6897A04F-FD62-4A4C-BCFD-8378ACA02B6F}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [TCP Query User{5C16C5CF-11F5-4309-92DD-D39A13BE40C1}C:\users\alec\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\alec\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{F1A4B5DB-1949-455C-96DB-238F97FE4A55}C:\users\alec\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\alec\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{B5A1CB9B-D971-4C78-B0A8-1D1BA2125694}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3AB2A7F7-5ECE-4875-A7B1-69FF140519E7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6EBDC659-FE2E-4725-BD3F-38015028ED2C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{0B2063C2-5E4C-49F4-8504-20AD0FEFEF27}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{DF4F000E-9CB0-4ED5-93F8-8BD3DD532FFB}C:\users\alec\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alec\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{A1C83827-B7DD-4C4C-9C67-8B206B659CB7}C:\users\alec\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alec\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{85870EC9-4E98-45A0-B489-BEF008EFC00E}C:\users\alec\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alec\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0584B99F-0A2D-460A-883E-7D513703F4F2}C:\users\alec\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alec\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{24208B49-3A9E-4118-94A2-0ECD923B5680}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [UDP Query User{A5F87E34-C67E-4C4E-A508-F805026B27B9}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [{009D33BF-5123-411B-8157-0011B3935374}] => (Allow) C:\Users\Alec\Documents\Steam\Steam.exe
FirewallRules: [{CB980901-065F-4D15-8194-BBF0C9A6E177}] => (Allow) C:\Users\Alec\Documents\Steam\Steam.exe
FirewallRules: [{7F51A970-0FFA-4A37-BEB2-8E1BEC22628F}] => (Allow) C:\Users\Alec\Documents\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7BB72685-BD9B-44B6-926B-81AA7026C90F}] => (Allow) C:\Users\Alec\Documents\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{287C8623-4815-4DF7-8A98-49753B33B900}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV23\sg50svc_v23.exe
FirewallRules: [{B3AD2632-A72B-4920-BCF0-1424E3DA3196}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV23\sg50CtrlSvc_v23.exe
FirewallRules: [TCP Query User{3B3DD243-C928-411B-AEB5-BD6ACDB674F1}C:\program files\qnap\netbak\netbak.exe] => (Allow) C:\program files\qnap\netbak\netbak.exe
FirewallRules: [UDP Query User{BF18151F-A139-47CE-AE90-A9D913CCB6FA}C:\program files\qnap\netbak\netbak.exe] => (Allow) C:\program files\qnap\netbak\netbak.exe
FirewallRules: [TCP Query User{00BEB99A-32FF-4AC7-A0E2-725573E459D9}C:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{30DCC3A5-6ACB-499D-9F80-2E9CBF75D700}C:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{3C41C0F2-11F8-4A4D-9543-A2F5F424BC8E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{411CF896-EAFB-4373-A3C8-C2E5B9A51D78}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{22FAC0E7-E8BA-442A-BD9E-AF5D4E2C43AC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{D83CD9F8-3F9F-440A-858A-F62E383C268F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{7F11F6E5-4F7D-4657-8AAB-26CA09F472D6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{E58DE4E3-7E5D-4249-A502-F48FEF066635}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{F6CEDDD5-208B-427C-892B-115D2D2AD371}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{56125F8B-0A70-4174-B22E-628C332A9A09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E474096F-61F9-4D54-9CAC-B2417792A31C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AF3E0D64-CC3C-4EB7-962C-8B3D1AFF5CEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{22018E7C-56C8-4699-90AE-6F35CDCB12DE}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50svc_v24.exe
FirewallRules: [{7ADC0D82-C426-4305-A0E2-4F499987C45C}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50CtrlSvc_v24.exe
FirewallRules: [{954C322C-A212-468C-BA3E-487451305774}] => (Allow) C:\Program Files (x86)\Common Files\Sage SBD\SbdDesktop\V14\SBDDesktop.exe
FirewallRules: [{BF10C614-668E-43B9-80C7-6137C62FDA43}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{188FB105-DC5D-41E0-A548-F5BE3E69E58C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B1F656DE-C17D-41C2-80E0-137AFD036F27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{820C227D-DA6F-4D68-B532-DC730F40B414}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
12-06-2018 22:37:14 Windows Update
13-06-2018 19:52:52 Installed Keytime Suite 2018 Update.
16-06-2018 08:26:41 Windows Update
18-06-2018 10:30:16 Checkpoint by HitmanPro
 
==================== Faulty Device Manager Devices =============
 
Name: SboxDrv
Description: SboxDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SboxDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2018 11:55:48 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          1068
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  00460020006D0061 (unknown)               
4  00730065006C0069 (unknown)               
5  007A006F004D005C (unknown)               
6  0061006C006C0069 (unknown)               
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013FA7D000-000000013FA7E000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [1068]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
Error: (06/18/2018 11:53:28 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          7748
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  00460020006D0061 (unknown)               
4  00730065006C0069 (unknown)               
5  007A006F004D005C (unknown)               
6  0061006C006C0069 (unknown)               
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013F2FD000-000000013F2FE000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [7748]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
Error: (06/18/2018 11:51:26 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          5420
Application  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Description  Google Chrome 67
 
Callee Type  CreateProcess
             C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  000007FED5E56BB0 chrome_elf.dll          
4  0000000000000040 (unknown)               
5  000007FEFD4C2D50 KernelBase.dll           InitializeProcThreadAttributeList()
6  000007FED5E007DB chrome_elf.dll          
7  000000000006C39C (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013F733000-000000013F734000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5420]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
dc399a6feac6bfb01023b2defcd3c456816ddf827fc9dfe4568c8452e1c2f528
 
Error: (06/18/2018 11:50:24 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          6972
Application  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Description  Google Chrome 67
 
Callee Type  CreateProcess
             C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  000007FED5F36BB0 chrome_elf.dll          
4  0000000000000040 (unknown)               
5  000007FEFD4C2D50 KernelBase.dll           InitializeProcThreadAttributeList()
6  000007FED5EE07DB chrome_elf.dll          
7  000000000006C39C (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013FA23000-000000013FA24000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [6972]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
dc399a6feac6bfb01023b2defcd3c456816ddf827fc9dfe4568c8452e1c2f528
 
Error: (06/18/2018 11:43:21 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          4104
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  000000000A6C4C18 (anonymous)             
4  0000000008AD17F0 (anonymous)             
5  0000000004A9EB80 (anonymous)             
6  000007FED62B5160 xul.dll                 
7  0000000004A9EAF0 (anonymous)             
8  000000000A64A000 (anonymous)             
9  000000000006C39C (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013FD8D000-000000013FD8E000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [4104]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
Error: (06/18/2018 11:43:16 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          4856
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  0000000005CC4C18 (anonymous)             
4  0000000009893440 (anonymous)             
5  0000000000000187 (unknown)               
6  000007FEDA815160 xul.dll                 
7  000000000550E7F0 (anonymous)             
8  0000000005C4A000 (anonymous)             
9  000000000006C39C (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013F76D000-000000013F76E000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [4856]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
Error: (06/18/2018 11:41:00 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          7232
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  000000000A7C5C18 (anonymous)             
4  0000000008470780 (anonymous)             
5  0000000000000303 (unknown)               
6  000007FED62B5160 xul.dll                 
7  0000000004F4E9E0 (anonymous)             
8  000000000A74C000 (anonymous)             
9  000000000006C39C (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013FEDD000-000000013FEDE000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [7232]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
Error: (06/18/2018 11:40:56 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   CallerCheck
 
Platform     6.1.7601/x64 v739 06_5e
PID          940
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 60.0.2
 
Callee Type  CreateProcess
             C:\Program Files\Mozilla Firefox\firefox.exe
 
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00000000773B064C kernel32.dll            
 
2  0000000000063A5D (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
                    85c0                     TEST         EAX, EAX
                    8bd8                     MOV          EBX, EAX
                    7412                     JZ           0x63a75
                    448b842490000000         MOV          R8D, [RSP+0x90]
                    8bd5                     MOV          EDX, EBP
                    488bce                   MOV          RCX, RSI
                    e893280000               CALL         0x66308
                    488b6c2468               MOV          RBP, [RSP+0x68]
                    488b742470               MOV          RSI, [RSP+0x70]
                    8bc3                     MOV          EAX, EBX
                    488b5c2460               MOV          RBX, [RSP+0x60]
                    4883c450                 ADD          RSP, 0x50
                    5f                       POP          RDI
                    c3                       RET         
 
3  00000000055C7C78 (anonymous)             
4  0000000007E2AF10 (anonymous)             
5  000000000538EF60 (anonymous)             
6  000007FEDA815160 xul.dll                 
7  000000000538EED0 (anonymous)             
8  0000000005541000 (anonymous)             
9  000000000006C39C (anonymous; allocated from 0000000004F49426 in explorer.exe:2448)
 
Code Injection
0000000000060000-0000000000076000   88KB C:\Windows\explorer.exe [2448]
000000013F7CD000-000000013F7CE000    4KB
1  C:\Windows\explorer.exe [2448]
2  C:\Windows\System32\userinit.exe [3060]
3  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Process Trace
1  C:\Program Files\Mozilla Firefox\firefox.exe [940]
2  C:\Windows\explorer.exe [2448]
3  C:\Windows\System32\userinit.exe [3060]
4  C:\Windows\System32\winlogon.exe [636]
winlogon.exe
 
Thumbprint
1de5725d72f0e2beb1d9e62d76160c822a572d7832d57b736e02a7376b29f92c
 
 
System errors:
=============
Error: (06/18/2018 10:56:56 AM) (Source: SboxSvc) (EventID: 9234) (User: )
Description: SBOX9234 Service startup error level 9153 status=C0000001 error=-1073741823
 
9251;evt;err;01
SBOX9251 Port event creation failed
 
Error: (06/18/2018 10:56:51 AM) (Source: SboxDrv) (EventID: 1103) (User: )
Description: SBOX1103 Invincea Sandbox driver (SboxDrv) version 4.13.1 failed to start
 
Error: (06/18/2018 10:56:51 AM) (Source: SboxDrv) (EventID: 1113) (User: )
Description: SBOX1113 Cannot find Nt system service, reason AcceptConnectPort
 
Error: (06/18/2018 10:56:51 AM) (Source: SboxDrv) (EventID: 1113) (User: )
Description: SBOX1113 Cannot find Nt system service, reason MASTER TABLE
 
Error: (06/18/2018 10:56:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (06/18/2018 10:56:45 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/18/2018 10:56:38 AM) (Source: SboxSvc) (EventID: 9234) (User: )
Description: SBOX9234 Service startup error level 9153 status=C0000001 error=-1073741823
 
9251;evt;err;01
SBOX9251 Port event creation failed
 
Error: (06/18/2018 10:56:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-18 10:56:45.745
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:56:45.605
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:33:54.139
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:33:54.019
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:18:09.212
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:18:09.103
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:13:28.917
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 10:13:28.792
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 52%
Total physical RAM: 8074.42 MB
Available physical RAM: 3839.67 MB
Total Virtual: 16147.01 MB
Available Virtual: 11572.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:435.36 GB) (Free:236.91 GB) NTFS
Drive s: (Work) (Network) (Total:1375.65 GB) (Free:138.02 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive z: (home) (Network) (Total:1375.65 GB) (Free:138.02 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 447.1 GB) (Disk ID: 6CE72E6B)
Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=435.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Thank you for your time; any help would be greatly appreciated.

 




 


#2 HelpBot


Posted 23 June 2018 - 06:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/679253 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tokentim


Posted 23 June 2018 - 05:24 PM

This is a customer's PC. I am due to go back to their office on Monday morning UK time. I have no access to the PC until then.

 

Detailed information:

 

There was no indication of any infection. Discovery came about when the customer logged into his online banking, which looked genuine; however, it was a data grabber which captured his PIN as he used his bank card reader to proceed to his account. His bank contacted him almost immediately to ask if he had set up a payment of £4k. They locked down his account and advised him to call in someone to check his PC. The PC appears to be working fine.

 

I scanned with ADW Cleaner, then Hitman Pro Alert. Hitman Pro did find a Trojan, which it deleted.

Hitman Pro Alert is blocking use of IE and Chrome. I installed Firefox, which initially was not blocked but was after a reboot. It is also blocking the opening of PDF files.

 

I posted the error in my initial post along with the FRST log. The PC has not been used since.

 

The system is a Dell Optiplex 5040 running Windows 7 Pro (64-bit), downloaded from Dell when the PC was new last year; it has all updates installed. (Intel i5 6 series processor, 480 GB SSD)

I have access to all versions of Windows.

Ideally I would like to find the issue and fix it or at least find out if it is infecting data files so that I know if I can safely migrate data to another pc, then wipe and do a fresh install of Windows 10 on the infected one.

 

Thank you for looking at this.



#4 Oh My!


Posted 30 June 2018 - 04:54 PM

Greetings Tokentim and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> DefaultScope {171A245D-FE7C-499D-A2B7-2B7D928DF1D1} URL = 
SearchScopes: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> {171A245D-FE7C-499D-A2B7-2B7D928DF1D1} URL = 
Toolbar: HKU\S-1-5-21-537663157-2847806574-2192009422-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
S1 oodzfkni; \??\C:\Windows\system32\drivers\oodzfkni.sys [X]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1035 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1080 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:835 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:876 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:974 [0]
AlternateDataStreams: C:\Users\Alec\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Alec\Documents\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
Folder: AppData\Local\KTTmp
File: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Thrnfo\Magicen.dll
File: C:\Program Files\Mozilla Firefox\firefox.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
*oodzfkni*
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Tokentim


Posted 02 July 2018 - 01:28 PM

Thanks Gary, I downloaded Microsoft's msrt and it identified a dropper and another two infections. Once these were removed the PC is now behaving the way it should and is malware/virus free.

 

 



#6 Oh My!


Posted 02 July 2018 - 01:32 PM

Great, thanks for letting me know.


Gary
 

#7 Oh My!


Posted 05 July 2018 - 08:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



