This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Troj/JenxLnk-B not removed by Sophos Clean

Hello.

My USB key got infected by a virus that Sophos identifies as Troj/JenxLnk-B. It creates a link named System Volume information.lnk in the root dir of my key.

I ran Sophos Clean to remove it, and it apparently found it but couldn't clean/temove it. No virus was detected instead on my hard disk. 

I managed to remove the lnk file by using rd /s /q "e:\System Volume information" command but the lnk file reappears any time I insert my USB key in my computer. Also, the virus spreads to any orther (previously clean) USB key I insert. This might mean that the virus seats on my PC, although undetected. Any suggestion on how to get rid of it?

My PC runs Win 10 Pro 64 bit.

Thank you and regards

Dario 



This thread was automatically locked due to age.
Parents
  • Hello Dario,

    I'd suggest to use the Source Of Infection tool to find out which process writes the rogue .lnk.
    Did Sophos Clean tell that it failed to clean/remove it (what does it say in the log) or did it claim success and the .lnk was still there.

    Christian 

  • Hi, Christian.

    Sophos says 

    2017-09-26 23:54:06.876 File "F:\System Volume Information.lnk" has been cleaned up

    I don't know if it's important but Sophos Removal Tool is unable to access any of the files in C:\System Volume Information\

    I'm running SoI (with no switch) but it takes forever. Is that normal? Will it stop or should I terminate it?

    Thank you and regards

    Dario

  • Hello Dario,

    the tool will collect information until it is interrupted by Ctrl-C
    and -n -a "e:\" should filter out the interesting events (assuming the drives are on E:).

    Christian

  • Running with switches I get an empty csv file. This is instead what you get upon insertion of the usb key when running SoI with no switch:

    Date/Time,File path,Process/Network,Process path/Machine name
    "2017/10/03 10:49:02","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:02","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:49:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:49:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:49:04","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084904-020b-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:04","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:06","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084906-020c-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:06","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:06","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:06","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:06","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:06","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:07","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:08","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:08","C:\Windows\Prefetch\DLLHOST.EXE-7D5CE0CA.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:08","C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-3DD89C8E.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:09","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:10","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:10","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:10","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:11","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:11","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:12","C:\Windows\Prefetch\SVCHOST.EXE-FB759C0F.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:12","C:\Windows\Prefetch\WUDFHOST.EXE-DEBBE5F1.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:12","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:14","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:14","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:14","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\1c7f9051-4bd8-40cd-8a7b-b42df4ac3541.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:14","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\1c7f9051-4bd8-40cd-8a7b-b42df4ac3541.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:14","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF4a4f5e6.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:14","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Preferences","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:14","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\1c7f9051-4bd8-40cd-8a7b-b42df4ac3541.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:14","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:15","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:15","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\4f0c0001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084916-020d-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:16","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:17","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:17","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:18","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:19","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:21","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:49:21","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:21","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:23","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:23","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db-journal","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:23","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:23","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\4f0c0001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:24","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:24","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084924-020e-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:24","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084924-020f-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:24","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:24","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:24","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:25","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084925-0210-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084926-0211-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:26","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:27","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:28","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:28","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:29","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:31","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:31","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:31","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:31","C:\Windows\Prefetch\TEXTPAD.EXE-BC9068F7.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:32","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:32","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:33","C:\Windows\Prefetch\SVCHOST.EXE-DB342D66.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:33","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:34","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:34","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:35","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084936-0212-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:36","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:37","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\4f210001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:38","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:38","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:38","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:39","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:39","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:40","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:41","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:41","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:42","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:43","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:44","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db-journal","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:44","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:44","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\4f210001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:44","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:44","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084944-0213-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:44","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084944-0214-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:45","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:45","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:45","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:46","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084946-0215-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\b03b1ea5-a623-4578-9119-3dd20685c36f.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\b03b1ea5-a623-4578-9119-3dd20685c36f.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:46","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084946-0216-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4a572c7.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\b03b1ea5-a623-4578-9119-3dd20685c36f.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:49:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:47","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:48","C:\Users\DarioNarducci\Google Drive UNIMIB\backup\Thunderbird Incremental Backup 2017-10-03 10;45;14 (Incremental).zip","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:49:48","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:49","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:49","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:49","C:\Windows\Prefetch\SVCHOST.EXE-97AAE991.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:49","C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:49","C:\usr\snmp\persist\snmpapp.conf","Process","C:\Windows\System32\spool\drivers\x64\3\KACT2.EXE"
    "2017/10/03 10:49:49","C:\usr\snmp\persist\snmpapp.conf","Process","C:\Windows\System32\spool\drivers\x64\3\KACT2.EXE"
    "2017/10/03 10:49:49","C:\usr\snmp\persist\snmpapp.conf","Process","C:\Windows\System32\spool\drivers\x64\3\KACT2.EXE"
    "2017/10/03 10:49:49","C:\Windows\Prefetch\KACT2.EXE-669B6ED3.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:50","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:51","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:49:51","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:52","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:52","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:52","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:52","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:54","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:55","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:55","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:55","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:56","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003084956-0217-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:49:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:49:57","C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-3DD89C8E.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:57","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:58","C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:58","C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:49:58","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\4f360001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:49:58","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:49:58","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:49:59","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:50:00","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:01","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:01","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:50:02","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:50:02","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:02","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:03","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:04","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:05","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db-journal","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:50:05","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\4f360001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:50:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:50:05","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:06","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:50:06","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085006-0218-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:50:06","C:\Users\DarioNarducci\AppData\Local\TileDataLayer\Database\EDB.chk","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:07","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:08","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:12","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\GUIState-1001.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:50:12","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\GUIState-1001.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:50:12","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\ConfigState.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:50:16","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085016-0219-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:50:16","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:50:17","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:50:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:50:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:30","C:\Program Files (x86)\Cobian Backup 11\DB\{0BF76BDE-95A9-432F-B4C0-E67AB74783CC}.cbu","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:30","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:31","C:\Program Files (x86)\Cobian Backup 11\Logs\log 2017-10-03.txt","Process","C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
    "2017/10/03 10:50:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:50:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\21bdcacf-248a-4852-adf9-a5249e4eaebf.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\21bdcacf-248a-4852-adf9-a5249e4eaebf.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4a65d56.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\21bdcacf-248a-4852-adf9-a5249e4eaebf.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:51","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:50:53","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\e06e3690-1cf8-4e85-9b86-1f9fbf5cf0a7.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:53","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\e06e3690-1cf8-4e85-9b86-1f9fbf5cf0a7.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:53","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF4a679b8.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:53","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Preferences","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:53","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\e06e3690-1cf8-4e85-9b86-1f9fbf5cf0a7.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:56","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:50:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:50:57","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:02","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:02","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:51:05","C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:51:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:51:06","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:51:06","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:51:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:09","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:51:09","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:51:09","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG2","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:51:15","C:\Windows\Prefetch\SMARTSCREEN.EXE-EACC1250.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:20","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:51:20","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:51:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:51:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:51:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\3043e5fc-022f-4ca2-ba29-8a76dfd05afb.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:51:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\3043e5fc-022f-4ca2-ba29-8a76dfd05afb.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:51:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4a747c6.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:51:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:51:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\3043e5fc-022f-4ca2-ba29-8a76dfd05afb.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:51:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:51","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:51:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:51:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:03","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:04","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:04","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:52:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:14","C:\Users\DarioNarducci\AppData\Local\Box Sync\Logs\Icon Overlay-2017-10-03-2017-10-03.log","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:52:16","C:\Windows\Prefetch\DLLHOST.EXE-7D5CE0CA.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_001a42","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_001a42","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOG.old~RF4a7cbab.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOG.old","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOG","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_001a43","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:20","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_001a43","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:52:22","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:52:22","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:52:25","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\File System\008\p\.usage","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:29","C:\Windows\Prefetch\DLLHOST.EXE-DE997741.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:30","C:\Windows\Prefetch\CHROME.EXE-5349D2D8.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:36","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-S-1-5-18.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:36","C:\Windows\Prefetch\CONSENT.EXE-40419367.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Box Sync\Logs\Icon Overlay-2017-10-03-2017-10-03.log","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOCK","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000001","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\000209.log","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:37","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOG","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:39","C:\Users\DarioNarducci\AppData\Local\Sophos\Sophos Anti-Virus\logs\RightClickScan.txt","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:52:39","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:52:39","C:\Windows\Prefetch\SOPHOSUI.EXE-C6452879.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:41","C:\Windows\Prefetch\DLLHOST.EXE-95797F8F.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:41","C:\Windows\Prefetch\DLLHOST.EXE-95797F8F.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:42","C:\Users\DarioNarducci\AppData\Local\Sophos\Sophos Anti-Virus\Config\user.xml","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:52:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:52:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\24665350-986b-4842-8adf-71e0818be4cc.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\24665350-986b-4842-8adf-71e0818be4cc.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4a83206.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\24665350-986b-4842-8adf-71e0818be4cc.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:51","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Crashpad\metadata","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:52:51","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:52:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:52:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:06","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:06","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:53:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:18","C:\Windows\Temp\SwiAE52.tmp","Process","C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe"
    "2017/10/03 10:53:18","C:\ProgramData\Sierra Wireless\Persistent Logging\354078075736395__9902940 05.06__005.017_002__SWI9X15C_05.05.47.00 r24787 carmd-fwbuild1 2014_09_25 08_39_40.log","Process","C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe"
    "2017/10/03 10:53:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:53:23","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\datareporting\aborted-session-ping.tmp","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:53:24","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:24","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085324-021a-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:24","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:24","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:24","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:24","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:24","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:24","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:24","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:26","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085326-021b-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:27","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:28","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:29","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:30","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:30","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:31","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:32","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:32","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:32","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\GUIState-1001.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:53:32","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\GUIState-1001.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:53:32","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\ConfigState.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:53:33","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:33","C:\Windows\Prefetch\SVCHOST.EXE-FB759C0F.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:33","C:\Windows\Prefetch\WUDFHOST.EXE-DEBBE5F1.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:34","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:35","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\500f0001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:35","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:35","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:36","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:36","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085336-021c-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:36","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:38","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:39","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:39","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EDZX3468\www.bing[1].xml","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:53:40","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:41","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:41","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db-journal","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:42","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\R76O9RRV.cookie","Process","C:\Windows\System32\TokenBrokerCookies.exe"
    "2017/10/03 10:53:42","C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\R76O9RRV.cookie","Process","C:\Windows\System32\TokenBrokerCookies.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\u_98hm77duq6iafc4ac6ah5bgm\c_b4ru66lvganfq5nd07icemea\a_k0d3p7ef9etr0bab3ndnhosd","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\u_98hm77duq6iafc4ac6ah5bgm\c_b4ru66lvganfq5nd07icemea\a_k0d3p7ef9etr0bab3ndnhosd.~tmp","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\u_98hm77duq6iafc4ac6ah5bgm\c_b4ru66lvganfq5nd07icemea\a_k0d3p7ef9etr0bab3ndnhosd~RF4a90cd6.TMP","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\u_98hm77duq6iafc4ac6ah5bgm\c_b4ru66lvganfq5nd07icemea\a_k0d3p7ef9etr0bab3ndnhosd","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\u_98hm77duq6iafc4ac6ah5bgm\c_b4ru66lvganfq5nd07icemea\a_k0d3p7ef9etr0bab3ndnhosd.~tmp","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:42","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:53:42","C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\HKPSCO0I.cookie","Process","C:\Windows\System32\TokenBrokerCookies.exe"
    "2017/10/03 10:53:42","C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\HKPSCO0I.cookie","Process","C:\Windows\System32\TokenBrokerCookies.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2","Process","C:\Windows\System32\backgroundTaskHost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\TOKENBROKERCOOKIES.EXE-33D475C4.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Windows\Prefetch\BACKGROUNDTASKHOST.EXE-08B3A5D7.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:42","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\TokenBroker\Cache\cb48d827e979803705ff97d5f559269405c467b9.tbres","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:43","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\NJCVA9EM.cookie","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:43","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\NJCVA9EM.cookie","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:43","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:43","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:43","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\500f0001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:43","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EDZX3468\www.bing[1].xml","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:43","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:43","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085343-021d-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:43","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085343-021e-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:44","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:45","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:45","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EDZX3468\www.bing[1].xml","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:46","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:46","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EDZX3468\www.bing[1].xml","Process","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"
    "2017/10/03 10:53:46","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\8f7612d3-227b-4c44-a55d-3acdca053981.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\8f7612d3-227b-4c44-a55d-3acdca053981.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4a91c57.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\8f7612d3-227b-4c44-a55d-3acdca053981.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:46","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:47","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-S-1-5-18.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:47","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:47","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:47","C:\Windows\Prefetch\DLLHOST.EXE-C7F45418.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:48","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:49","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:49","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:50","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:50","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\501e0001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:51","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:53:51","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:52","C:\Windows\Prefetch\DLLHOST.EXE-95797F8F.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:52","C:\Windows\Prefetch\DLLHOST.EXE-95797F8F.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:52","C:\Windows\Prefetch\SVCHOST.EXE-9903B513.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:53","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:53","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:53","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:55","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:55","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db-journal","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:55","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:55","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\501e0001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:56","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:53:56","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085356-021f-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:56","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085356-0220-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:56","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:57","C:\Windows\Prefetch\BACKGROUNDTASKHOST.EXE-0A7848BC.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:57","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:57","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:53:57","C:\Windows\Prefetch\CMD.EXE-0BD30981.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:57","C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:53:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:53:58","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085358-0221-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:53:58","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:53:59","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Profile 1\b446cb75-e704-4597-b3fd-1fa017349b66.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:59","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Profile 1\b446cb75-e704-4597-b3fd-1fa017349b66.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:59","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences~RF4a94ed1.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:59","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:53:59","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Profile 1\b446cb75-e704-4597-b3fd-1fa017349b66.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:00","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:00","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:00","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:00","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:01","C:\Users\DarioNarducci\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\20fa31568759e05b.automaticDestinations-ms","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:01","C:\Users\DarioNarducci\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:01","C:\Users\DarioNarducci\AppData\Roaming\Microsoft\Windows\Recent\Clean.txt.lnk","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:01","C:\Users\DarioNarducci\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:02","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:03","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:04","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:04","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:04","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Box Sync\Logs\Context Menu-2017-10-03-2017-10-03.log","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:54:05","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:06","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085406-0222-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:07","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:07","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:07","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:07","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:54:08","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\7ea68b02-7abf-4cee-abda-75a83db756d5.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:08","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\7ea68b02-7abf-4cee-abda-75a83db756d5.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:09","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF4a973ae.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:09","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\Preferences","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:09","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\7ea68b02-7abf-4cee-abda-75a83db756d5.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:09","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:09","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\50310001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:10","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:10","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:10","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:11","C:\Windows\Prefetch\TEXTPAD.EXE-BC9068F7.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:12","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:13","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:14","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:14","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db-journal","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:14","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:15","C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\50310001.$$$","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:15","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:15","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085415-0223-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:15","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085415-0224-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:15","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:16","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:16","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085416-0225-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:17","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:18","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:20","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:20","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.unimib-2.it\popstate.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:20","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.unimib-2.it\popstate-1.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:54:25","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:30","E:\System Volume Information\WPSettings.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:31","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:31","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:32","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085432-0226-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:32","E:\System Volume Information\IndexerVolumeGuid","Process","C:\Windows\System32\SearchIndexer.exe"
    "2017/10/03 10:54:34","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:35","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:36","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085436-0227-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:38","E:\ntuser.vbe","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:38","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:38","E:\System Volume Information.lnk","Process","C:\Windows\System32\wscript.exe"
    "2017/10/03 10:54:39","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:39","E:\System Volume Information.lnk","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:40","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:40","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-wal","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:40","C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:40","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:41","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:43","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:43","C:\ProgramData\Sophos\Sophos Anti-Virus\Safestore\Safestore.db","Process","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
    "2017/10/03 10:54:43","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085443-0228-event-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\65051e2b-5cda-4303-8b87-aa468cbe1d6b.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\65051e2b-5cda-4303-8b87-aa468cbe1d6b.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4aa06c6.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\65051e2b-5cda-4303-8b87-aa468cbe1d6b.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:54:46","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\20171003085446-0229-status-SAV.xml","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.mater.unimib.it\popstate.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.mater.unimib.it\popstate-1.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.mater.unimib.it\popstate.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:46","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.mater.unimib.it\popstate-1.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.tiscali.it\popstate.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.tiscali.it\popstate-1.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.tiscali.it\popstate.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Thunderbird\Profiles\bcfu17f1.default\Mail\pop.tiscali.it\popstate-1.dat","Process","C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
    "2017/10/03 10:54:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\GUIState-1001.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\GUIState-1001.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:54:47","C:\Users\DarioNarducci\AppData\Roaming\Helios\TextPad\8\ConfigState.xml","Process","C:\Program Files\TextPad 8\TextPad.exe"
    "2017/10/03 10:54:47","C:\ProgramData\Sophos\Sophos Home\Logs\SophosHome.log","Process","C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe"
    "2017/10/03 10:54:51","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:54:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:57","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:54:59","C:\Windows\Prefetch\DLLHOST.EXE-7D5CE0CA.pf","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:07","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132213111312.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Microsoft\Windows\LfSvc\Cache\Wifi12022132300211203.tile","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:09","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Windows\System32\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\Users\DarioNarducci\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:09","C:\ProgramData\Intel\Wireless\WLANProfiles\ITProfil.enc","Process","C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    "2017/10/03 10:55:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:17","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:21","C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Status\status.xml","Process","C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe"
    "2017/10/03 10:55:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:27","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:29","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:55:29","C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\ObjectNames","Process","C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe"
    "2017/10/03 10:55:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:37","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:41","C:\Users\DarioNarducci\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","Process","C:\Windows\explorer.exe"
    "2017/10/03 10:55:43","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat","Process","C:\Windows\System32\svchost.exe"
    "2017/10/03 10:55:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:55:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:55:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:55:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:55:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:55:45","C:\Users\DarioNarducci\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log","Process","C:\Windows\System32\dllhost.exe"
    "2017/10/03 10:55:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\2d652d76-c865-4472-9668-fe096e9715c2.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:55:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\2d652d76-c865-4472-9668-fe096e9715c2.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:55:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF4aaf146.TMP","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:55:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:55:46","C:\Users\DarioNarducci\AppData\Local\Google\Chrome\User Data\Default\2d652d76-c865-4472-9668-fe096e9715c2.tmp","Process","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    "2017/10/03 10:55:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"
    "2017/10/03 10:55:47","C:\ProgramData\Logishrd\registry.json","Process","C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe"

  • Hello Dario,

    looks like there's a wscript.exe running which does something on the E: drive. And what's this E:\ntuser.vbe (from the extension it's an encoded VB script)?
    Does the AV-log %ProgramData%\Sophos\Sophos Anti-Virus\logs\SAV.txt show any detections?

    Christian

  • No idea. I see no ntuser.vbe file in my USB key, AV log says (in Italian?)

    20171003 093536 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093538 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093538 Lo scanner in accesso ha negato l'accesso alla cartella "E:\System Volume Information.lnk" per l'utente BICOCCA\dario.narducci
    .
    20171003 093539 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093539 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093541 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093541 Lo scanner in accesso ha negato l'accesso alla cartella "E:\System Volume Information.lnk" per l'utente BICOCCA\dario.narducci
    .
    20171003 093543 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093545 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093545 Lo scanner in accesso ha negato l'accesso alla cartella "E:\System Volume Information.lnk" per l'utente BICOCCA\dario.narducci
    .
    20171003 093547 File "E:\System Volume Information.lnk" è stato disinfettato.
    20171003 093547 La scansione di "E:\System Volume Information.lnk" ha generato l'errore 0xa0040210 di SAV Interfaccia: Impossibile accedere al file.
    20171003 093546 File "E:\System Volume Information.lnk" appartiene al virus/spyware 'Troj/JenxLnk-B'.
    20171003 093547 Virus/spyware 'Troj/JenxLnk-B' rimosso.

     

    However, "E:\System Volume Information.lnk"  keeps reappearing...

    What can I do?

    Thanks

    Dario

  • Hello Dario,

    keeps reappearing
    as said, SOI indicates that a wscript.exe process is writing the .lnk and also the ntuser.vbe that you can't find.
    I'd suggest that you use Process Explorer to find the offending wscript.exe process. It should show the command line used to start it and thus possibly the (rogue) script being executed.
    Kill the process and then check if the .lnk reappears or not. Did you ever reboot since the first detection? If the behaviour persists across reboots Autoruns should help to determine how this is achieved.

    Christian

  • Hi, Christian, done. ntuser.vbe was actually hidden, so I had first to change its attribs (HS), then stopped wscript process and finally could erase ntuser.vbe. Infection ended.

    Thank you so much! Wondering however why Sophos Virus Removal Tool couldn't take care of the problem in my place...

    Dario

  • Hello Dario,

    you should have submitted the ntuser.vbe as a sample. As you talked of more than one USB stick - any chance that you still have a copy?

    Christian

  • Christian,

    I do have a copy. How can I send it without spreading any infection?

Reply Children