Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by presentation (administrator) on QHSE on 31-10-2014 23:42:00
Running from C:\Users\presentation\Desktop
Loaded Profile: presentation (Available profiles: presentation)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
( ) C:\Windows\System32\lxeccoms.exe
( ) C:\Windows\System32\slmdmsr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
() C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Akamai Technologies, Inc.) C:\Users\presentation\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\presentation\AppData\Local\Akamai\netsession_win.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2010-05-17] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2010-05-17] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM Group Policy restriction on software: <====== ATTENTION
HKLM Group Policy restriction on software: <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2352433161-3608982554-448722011-1000\...\Run: [Mobile Partner] => C:\Program Files\3MobileWiFi\3MobileWiFi
HKU\S-1-5-21-2352433161-3608982554-448722011-1000\...\Run: [Akamai NetSession Interface] => C:\Users\presentation\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2352433161-3608982554-448722011-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F44847E62ECCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google Search) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (HP Smart Print) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\presentation\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )
R2 SLService; C:\Windows\system32\slmdmsr.exe [61440 2005-05-10] ( )
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. )
R3 Mtlmnt5; C:\Windows\System32\DRIVERS\SLDRV\Mtlmnt5.sys [237616 2005-05-10] ( )
S3 Mtlstrm; C:\Windows\System32\DRIVERS\SLDRV\Mtlstrm.sys [1464912 2005-06-21] ( )
R0 RecAgent; C:\Windows\System32\DRIVERS\SLDRV\RecAgent.sys [14680 2005-05-10] ( )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation )
R3 Slntamr; C:\Windows\System32\DRIVERS\SLDRV\slntamr.sys [698848 2005-05-10] ( )
S3 SlNtHal; C:\Windows\System32\DRIVERS\SLDRV\Slnthal.sys [101512 2005-10-19] ( )
R3 SlWdmSup; C:\Windows\System32\DRIVERS\SLDRV\SlWdmSup.sys [13248 2005-05-10] ( )
S3 catchme; \??\C:\Users\PRESEN~1\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 23:42 - 2014-10-31 23:42 - 00009850 _____ () C:\Users\presentation\Desktop\FRST.txt
2014-10-31 23:41 - 2014-10-31 23:42 - 00000000 ____D () C:\FRST
2014-10-31 23:39 - 2014-10-31 23:39 - 01105408 _____ (Farbar) C:\Users\presentation\Desktop\FRST.exe
2014-10-31 23:36 - 2014-10-31 23:36 - 00001036 _____ () C:\Users\presentation\Desktop\JRT.txt
2014-10-31 23:33 - 2014-10-31 23:33 - 00000000 ____D () C:\Windows\ERUNT
2014-10-31 23:30 - 2014-10-31 23:30 - 01706144 _____ (Thisisu) C:\Users\presentation\Desktop\JRT.exe
2014-10-31 23:23 - 2014-10-31 23:25 - 00000000 ____D () C:\AdwCleaner
2014-10-31 23:22 - 2014-10-31 23:22 - 01375089 _____ () C:\Users\presentation\Desktop\adwcleaner_3.311.exe
2014-10-31 22:59 - 2014-10-31 22:59 - 00008742 _____ () C:\ComboFix.txt
2014-10-31 20:39 - 2014-10-31 22:59 - 00000000 ____D () C:\Qoobox
2014-10-31 20:39 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-31 20:39 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-31 20:39 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-31 20:39 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-31 20:39 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-31 20:39 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-31 20:39 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-31 20:39 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-31 20:38 - 2014-10-31 21:04 - 00000000 ____D () C:\Windows\erdnt
2014-10-31 20:38 - 2014-10-31 20:32 - 05591672 ____R (Swearware) C:\Users\presentation\Desktop\ComboFix.exe
2014-10-31 10:13 - 2014-10-31 10:13 - 00001055 _____ () C:\Users\presentation\Desktop\mbam-complete2.txt
2014-10-31 09:06 - 2014-10-31 09:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-30 23:37 - 2014-10-31 09:30 - 00000000 ____D () C:\Users\presentation\Desktop\mbar
2014-10-30 23:31 - 2014-10-30 23:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\presentation\Desktop\mbar-1.07.0.1012.exe
2014-10-30 23:29 - 2014-10-30 23:29 - 00003429 _____ () C:\Users\presentation\Desktop\RKreport_DEL_10302014_232831.log
2014-10-30 23:18 - 2014-10-30 23:18 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-30 23:17 - 2014-10-30 23:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-30 23:16 - 2014-10-30 23:12 - 14670424 _____ () C:\Users\presentation\Desktop\RogueKiller.exe
2014-10-30 23:13 - 2014-10-30 23:13 - 00009514 _____ () C:\Users\presentation\Desktop\dds.txt
2014-10-30 09:08 - 2014-10-30 09:08 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-30 09:06 - 2014-10-30 08:54 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\presentation\Desktop\tdsskiller.exe
2014-10-29 16:03 - 2014-10-29 16:03 - 00001586 _____ () C:\Users\presentation\Desktop\mbam2.txt
2014-10-29 14:53 - 2014-10-29 14:53 - 00000000 ___HD () C:\Windows\PIF
2014-10-29 11:42 - 2014-10-30 23:13 - 00008173 _____ () C:\Users\presentation\Desktop\attach.txt
2014-10-29 11:04 - 2014-10-29 09:45 - 00688992 ____R (Swearware) C:\Users\presentation\Desktop\dds.com
2014-10-29 11:02 - 2014-10-29 11:02 - 00001306 _____ () C:\Users\presentation\Desktop\mbam-complete.txt
2014-10-29 11:01 - 2014-10-29 11:01 - 00001286 _____ () C:\Users\presentation\Desktop\mbam.txt
2014-10-29 10:09 - 2014-10-31 09:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 10:09 - 2014-10-31 09:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 10:09 - 2014-10-29 10:09 - 00001063 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 10:09 - 2014-10-29 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 10:09 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 10:09 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 10:00 - 2014-10-29 09:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\presentation\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-29 09:26 - 2014-10-29 09:27 - 00000000 ____D () C:\Users\presentation\Desktop\Printer
2014-10-28 15:52 - 2014-10-06 08:10 - 10113336 _____ (Malwarebytes Corporation ) C:\Users\presentation\Desktop\mbam-rules.exe
2014-10-28 15:50 - 2014-10-28 15:40 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\presentation\Desktop\mbam-rules3.exe
2014-10-27 14:27 - 2014-10-27 13:22 - 94494994 _____ () C:\Users\presentation\Desktop\u15iavi8462il.bin
2014-10-27 10:46 - 2014-10-24 14:59 - 2692162560 _____ () C:\Users\presentation\Desktop\backup.pst
2014-10-27 10:33 - 2014-10-28 16:54 - 00000000 ____D () C:\Users\presentation\Desktop\New folder
2014-10-24 13:43 - 2014-10-24 13:43 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-10-24 11:42 - 2014-10-23 11:01 - 2389197824 _____ () C:\Users\presentation\Desktop\Outlook.pst
2014-10-24 08:48 - 2014-10-29 14:58 - 00000000 ____D () C:\Windows\pss
2014-10-23 15:34 - 2014-10-29 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-23 15:25 - 2014-10-29 10:02 - 00000000 ____D () C:\Users\presentation\AppData\Roaming\Malwarebytes
2014-10-23 15:25 - 2014-10-29 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 13:37 - 2014-10-23 13:37 - 00000000 ____D () C:\Users\presentation\AppData\Roaming\AVG2015
2014-10-23 13:33 - 2014-10-23 13:33 - 00000000 ____D () C:\Users\presentation\AppData\Roaming\TuneUp Software
2014-10-23 13:06 - 2014-10-29 13:54 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-23 13:06 - 2014-10-29 13:06 - 00000000 ____D () C:\$AVG
2014-10-23 12:57 - 2014-10-29 13:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-23 12:57 - 2014-10-23 13:49 - 00000000 ____D () C:\Users\presentation\AppData\Local\Avg2015
2014-10-23 12:57 - 2014-10-23 12:57 - 00000000 ____D () C:\Users\presentation\AppData\Local\MFAData
2014-10-23 11:56 - 2014-10-23 11:56 - 00000000 ____D () C:\%APPDATA%
2014-10-23 11:49 - 2014-10-23 11:49 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-10-23 11:49 - 2014-10-23 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-10-23 11:49 - 2014-10-23 11:49 - 00000000 ____D () C:\Program Files\ImgBurn
2014-10-23 11:17 - 2014-10-23 11:17 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-10-22 09:11 - 2014-10-22 16:04 - 00078848 _____ () C:\Users\presentation\Documents\22-10-14.xls
2014-10-22 08:29 - 2014-10-22 08:29 - 00007605 _____ () C:\Users\presentation\AppData\Local\Resmon.ResmonCfg
2014-10-21 23:42 - 2014-10-23 07:29 - 00000000 _____ () C:\Users\presentation\AppData\Local\dfsmowas.log
2014-10-21 17:19 - 2014-10-21 17:19 - 00000000 _____ () C:\Users\presentation\AppData\Local\ijbvhmbg.log
2014-10-21 17:19 - 2014-10-21 17:19 - 00000000 _____ () C:\Users\presentation\AppData\Local\bqmsobwc.log
2014-10-21 17:18 - 2014-10-23 15:19 - 00000028 _____ () C:\Users\presentation\AppData\Local\fmxrcubc.log
2014-10-21 17:18 - 2014-10-21 17:18 - 00000064 _____ () C:\ProgramData\srroxsug.log
2014-10-20 11:07 - 2014-10-17 11:36 - 00078336 _____ () C:\Users\presentation\Documents\17-10-14 - Copy - Copy (2).xls
2014-10-20 11:06 - 2014-10-17 11:36 - 00078336 _____ () C:\Users\presentation\Documents\17-10-14 - Copy - Copy.xls
2014-10-17 07:42 - 2014-10-21 16:09 - 00081408 _____ () C:\Users\presentation\Documents\21-10-14 - Copy.xls
2014-10-15 08:01 - 2014-10-16 15:46 - 00078848 _____ () C:\Users\presentation\Documents\16-10-14.xls
2014-10-14 06:55 - 2014-10-14 06:55 - 00138824 _____ () C:\Windows\Minidump\101414-55265-01.dmp
2014-10-09 12:48 - 2014-10-09 12:48 - 00041129 _____ () C:\Users\presentation\Documents\BASL Proposed Revised Scope of Work as at 300614 - Progressed at 300914.zip
2014-10-08 09:55 - 2014-10-31 23:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 09:55 - 2014-10-08 09:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-08 09:55 - 2014-10-08 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-06 09:02 - 2014-10-06 09:02 - 10136960 _____ (Malwarebytes Corporation ) C:\Users\presentation\Desktop\mbam2-rules.exe
2014-10-02 11:15 - 2014-10-08 15:05 - 00045017 _____ () C:\Users\presentation\Documents\BASL Proposed Revised Scope of Work as at 300614 - Progressed at 300914.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 23:33 - 2009-07-14 04:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 23:33 - 2009-07-14 04:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 23:29 - 2011-02-04 16:47 - 01111802 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 23:26 - 2013-12-18 15:57 - 00035090 _____ () C:\ProgramData\lxecscan.log
2014-10-31 23:26 - 2011-02-07 08:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 23:26 - 2011-02-07 07:52 - 00020702 _____ () C:\Windows\PFRO.log
2014-10-31 23:26 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 23:26 - 2009-07-14 04:39 - 00058042 _____ () C:\Windows\setupact.log
2014-10-31 23:10 - 2011-02-07 08:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 22:55 - 2009-07-14 02:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-31 22:38 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-31 22:38 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-31 21:08 - 2009-07-14 02:37 - 00000000 __RHD () C:\Users\Default
2014-10-31 21:08 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2014-10-29 13:11 - 2011-02-04 09:21 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 14:19 - 2014-06-09 15:29 - 00000000 ____D () C:\Users\presentation\AppData\Roaming\Ufno
2014-10-23 11:13 - 2011-02-04 09:15 - 00000000 ____D () C:\Users\presentation
2014-10-14 08:04 - 2011-02-04 10:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 06:55 - 2014-01-03 16:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-02 15:58 - 2013-11-11 15:15 - 00000000 ____D () C:\Users\presentation\Documents\CV
Some content of TEMP:
====================
C:\Users\presentation\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-27 16:41
==================== End Of Log ============================