Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016 Ran by HANNANs MAIN (administrator) on HANNANSMAIN-PC (24-01-2016 12:12:00) Running from C:\Users\HANNANs MAIN\Downloads Loaded Profiles: HANNANs MAIN (Available Profiles: HANNANs MAIN & INTERNET and EMAIL & Sony Reader #2) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Users\HANNANs MAIN\AppData\Local\BrowserAir\Application\BrowserAir.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe () C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (Copyright © Microsoft 2015) C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe () C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp () C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp (Ratio Applications) C:\ProgramData\NpKvXvKyf\nSnXqH.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe () C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe (Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe (Gigabyte) C:\Program Files (x86)\GIGABYTE\UpdManager\RunUpd.exe () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\uTorrent.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM-x32\...\Run: [SmartViewAgent] => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation) HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.) HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-09] (Dropbox, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286992 2015-12-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [mbot_au_014010212] => [X] HKLM-x32\...\Run: [gmsd_au_005010215] => [X] HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2010-08-23] (Gigabyte Technology CO., LTD.) HKLM-x32\...\RunOnce: [GBTUpd] => C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun) HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2014-07-02] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation) HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [uTorrent] => C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-15] (BitTorrent Inc.) HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-14] (Lavasoft) HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\MountPoints2: {1cc10c15-01d6-11e4-ad2a-1c6f65ab92e7} - G:\unlock.exe autoplay=true HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => No File AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => No File ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-12] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-12-01] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited) Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited) Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1 Tcpip\..\Interfaces\{F8B7F7CB-B4B6-4393-949C-21D52EE472C5}: [DhcpNameServer] 192.168.1.1 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms} HKU\S-1-5-21-3000898737-217439702-1717454642-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ninemsn.com.au/ HKU\S-1-5-21-3000898737-217439702-1717454642-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp URLSearchHook: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.) SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms} SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms} SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {13C0AFA4-A510-45d1-ACD0-E40044494920} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {C7E93CBC-FD52-44DC-8FAF-B363FCCCC32E} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {CB7DDC92-966B-4768-911E-BC095AEDF707} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader) BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.) BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll [2011-01-21] (Splashtop Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-06] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-06] (Oracle Corporation) Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.) Toolbar: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1431684967&z=ed7cc0587e2e93790e1ae65gez9c0gaqab3z5tem7t&from=wpm05153&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826 FireFox: ======== FF ProfilePath: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default FF DefaultSearchEngine: Bing® FF SelectedSearchEngine: Bing® FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961 FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961 FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-06] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-12-01] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-12-01] (RealPlayer) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default\searchplugins\bing-lavasoft.xml [2015-12-14] FF SearchPlugin: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default\searchplugins\smod.xml [2016-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2016-01-24] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb&vp=ch&prd=set_ch CHR StartupUrls: Default -> "hxxp://www.ninemsn.com.au/","hxxps://www.google.com.au/" CHR Profile: C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-01] CHR Extension: (Google Drive) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01] CHR Extension: (YouTube) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01] CHR Extension: (Google Search) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01] CHR Extension: (Google Docs Offline) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-01] CHR Extension: (Chrome Web Store Payments) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01] CHR Extension: (Gmail) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01] CHR HKU\S-1-5-21-3000898737-217439702-1717454642-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-09] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-09] (Dropbox, Inc.) R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-11] (Digital Wave Ltd.) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-14] (Lavasoft Limited) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-03] (McAfee, Inc.) R2 msdotnetserv_v2050737; C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe [3391488 2015-11-27] (Copyright © Microsoft 2015) [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG) R2 nSnXqH; C:\ProgramData\NpKvXvKyf\nSnXqH.exe [3001824 2016-01-23] (Ratio Applications) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] () R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-01] (RealNetworks, Inc.) R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-14] () R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed] S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed] R2 wucotusy; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp [416256 2016-01-20] () [File not signed] R2 zutuzuni; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp [307712 2016-01-20] () [File not signed] R2 posinojyzbt; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs [X] S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation) R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-01-24] () R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-08-23] (Symantec Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140928.002\ENG64.SYS [129752 2014-08-23] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140928.002\EX64.SYS [2137304 2014-08-23] (Symantec Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19912 2009-12-21] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] () S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-07-02] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-24 12:12 - 2016-01-24 12:12 - 00034842 _____ C:\Users\HANNANs MAIN\Downloads\FRST.txt 2016-01-24 12:11 - 2016-01-24 12:12 - 00000000 ____D C:\FRST 2016-01-24 12:09 - 2016-01-24 12:09 - 02370560 _____ (Farbar) C:\Users\HANNANs MAIN\Downloads\FRST64.exe 2016-01-24 12:02 - 2016-01-24 12:02 - 00001822 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-01-24 11:55 - 2016-01-24 12:02 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\speed browser 2016-01-23 19:20 - 2016-01-24 12:02 - 00000000 ____D C:\Program Files (x86)\speed browser 2016-01-23 19:20 - 2016-01-23 19:20 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\speed browser 2016-01-23 19:18 - 2016-01-23 19:18 - 00000000 ____D C:\ProgramData\Browser 2016-01-23 19:11 - 2016-01-23 19:11 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\Western Digital 2016-01-23 14:40 - 2016-01-23 14:40 - 00000000 ____D C:\Program Files (x86)\Exploremedia 2016-01-23 14:38 - 2016-01-23 14:38 - 00001144 _____ C:\Users\HANNANs MAIN\Desktop\Live PC Help.lnk 2016-01-23 09:10 - 2016-01-23 18:47 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\TVTime 2016-01-23 09:10 - 2016-01-23 09:10 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Systweak 2016-01-23 09:08 - 2016-01-23 09:08 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\gmsd_au_005010215 2016-01-23 08:54 - 2016-01-24 12:00 - 00003428 _____ C:\Windows\System32\Tasks\Frarnuxof 2016-01-23 08:54 - 2016-01-23 08:54 - 00000000 ____D C:\ProgramData\Frarnuxof 2016-01-23 08:52 - 2016-01-23 14:38 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\systweak 2016-01-23 08:52 - 2016-01-23 08:52 - 00001277 _____ C:\Users\Public\Desktop\Solid YouTube Downloader and Converter.lnk 2016-01-23 08:52 - 2016-01-23 08:52 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\youtube-downloader-and-converter 2016-01-23 08:52 - 2016-01-23 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter 2016-01-23 08:52 - 2016-01-23 08:52 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter 2016-01-23 08:52 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe 2016-01-23 08:51 - 2016-01-23 08:51 - 00000000 ____D C:\TVTime 2016-01-23 08:51 - 2016-01-23 08:51 - 00000000 ____D C:\ProgramData\PlayGemConfig 2016-01-23 08:49 - 2016-01-24 12:07 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\TVTime 2016-01-23 08:49 - 2016-01-23 08:49 - 00000000 ____D C:\ProgramData\NpKvXvKyf 2016-01-22 21:38 - 2016-01-22 21:38 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WindoWeather 2016-01-22 21:37 - 2016-01-22 21:38 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\00000000-1453498678-0000-0000-1C6F65AB92E7 2016-01-21 21:10 - 2016-01-21 21:10 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\Wise Registry Cleaner 2016-01-21 20:52 - 2016-01-20 19:42 - 00001003 _____ C:\Windows\system32\Drivers\etc\hosts.20160121-205231.backup 2016-01-21 19:58 - 2016-01-21 19:58 - 00000000 ____D C:\Program Files (x86)\ExploreTech 2016-01-20 20:02 - 2016-01-20 20:02 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\Lavasoft 2016-01-20 19:57 - 2016-01-20 19:57 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\mbot_au_014010212 2016-01-20 19:53 - 2016-01-20 19:53 - 00003540 _____ C:\Windows\System32\Tasks\Inst_Rep 2016-01-20 19:44 - 2016-01-20 20:05 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\00000000-1453319056-0000-0000-1C6F65AB92E7 2016-01-20 19:43 - 2016-01-23 21:13 - 00000000 ____D C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7 2016-01-20 19:43 - 2016-01-20 19:42 - 00001003 _____ C:\Windows\system32\Drivers\etc\hp.bak 2016-01-20 19:42 - 2016-01-21 19:45 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\BrowserAir 2016-01-20 19:42 - 2016-01-20 19:42 - 00003364 _____ C:\Windows\System32\Tasks\IBUpd2 2016-01-20 19:40 - 2016-01-21 19:45 - 00022184 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys 2016-01-13 10:44 - 2015-12-24 09:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-01-13 10:44 - 2015-12-24 08:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-01-13 10:44 - 2015-12-13 04:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-01-13 10:44 - 2015-12-13 04:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-01-13 10:44 - 2015-12-13 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-01-13 10:44 - 2015-12-13 04:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-01-13 10:44 - 2015-12-13 04:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-01-13 10:44 - 2015-12-13 04:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-01-13 10:44 - 2015-12-13 04:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-01-13 10:44 - 2015-12-13 04:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-01-13 10:44 - 2015-12-13 04:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-01-13 10:44 - 2015-12-13 04:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-01-13 10:44 - 2015-12-13 04:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-13 10:44 - 2015-12-13 04:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-01-13 10:44 - 2015-12-13 04:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-01-13 10:44 - 2015-12-13 04:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-01-13 10:44 - 2015-12-13 04:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-01-13 10:44 - 2015-12-13 04:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-01-13 10:44 - 2015-12-13 04:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-01-13 10:44 - 2015-12-13 04:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-01-13 10:44 - 2015-12-13 03:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-01-13 10:44 - 2015-12-13 03:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-01-13 10:44 - 2015-12-13 03:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-13 10:44 - 2015-12-13 03:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-01-13 10:44 - 2015-12-13 03:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-01-13 10:44 - 2015-12-13 03:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-01-13 10:44 - 2015-12-13 03:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-01-13 10:44 - 2015-12-13 03:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-01-13 10:44 - 2015-12-13 03:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-01-13 10:44 - 2015-12-13 03:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-01-13 10:44 - 2015-12-13 03:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-01-13 10:44 - 2015-12-13 03:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-01-13 10:44 - 2015-12-13 03:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-01-13 10:44 - 2015-12-13 03:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-13 10:44 - 2015-12-13 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-13 10:44 - 2015-12-13 03:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-01-13 10:44 - 2015-12-13 03:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-13 10:44 - 2015-12-13 03:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-13 10:44 - 2015-12-13 03:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-01-13 10:44 - 2015-12-13 03:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 10:44 - 2015-12-13 03:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-01-13 10:44 - 2015-12-13 03:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-13 10:44 - 2015-12-13 03:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-01-13 10:44 - 2015-12-13 03:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-01-13 10:44 - 2015-12-13 03:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-13 10:44 - 2015-12-13 03:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-13 10:44 - 2015-12-13 03:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-13 10:44 - 2015-12-13 03:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 10:44 - 2015-12-13 03:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-01-13 10:44 - 2015-12-13 03:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-13 10:44 - 2015-12-13 03:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-13 10:44 - 2015-12-13 03:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-13 10:44 - 2015-12-13 03:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-01-13 10:44 - 2015-12-13 03:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-13 10:44 - 2015-12-13 03:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-01-13 10:44 - 2015-12-13 03:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-13 10:44 - 2015-12-13 03:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-13 10:44 - 2015-12-13 03:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-13 10:44 - 2015-12-13 03:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-13 10:44 - 2015-12-13 02:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-13 10:44 - 2015-12-13 02:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-01-13 10:44 - 2015-12-13 02:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-13 10:44 - 2015-12-13 02:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-13 10:44 - 2015-12-13 02:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-01-13 10:44 - 2015-12-12 04:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-01-13 10:44 - 2015-12-09 07:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 10:44 - 2015-12-09 07:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-13 10:44 - 2015-12-09 07:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-13 10:44 - 2015-12-09 07:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-13 10:44 - 2015-12-09 07:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-13 10:44 - 2015-12-09 07:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-13 10:44 - 2015-12-09 07:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-01-13 10:44 - 2015-12-09 07:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-13 10:44 - 2015-12-09 07:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-01-13 10:44 - 2015-12-09 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-13 10:44 - 2015-12-09 05:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-13 10:44 - 2015-12-09 05:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-01-13 10:44 - 2015-12-09 05:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-01-13 10:44 - 2015-12-09 05:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-13 10:44 - 2015-12-09 05:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-13 10:44 - 2015-12-09 05:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-01-13 10:44 - 2015-12-09 04:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-13 10:44 - 2015-12-09 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-01-13 10:44 - 2015-12-09 04:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-01-13 10:44 - 2015-12-09 03:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-13 10:44 - 2015-11-14 09:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-13 10:44 - 2015-11-14 09:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-13 10:44 - 2015-11-14 09:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-01-13 10:44 - 2015-11-14 08:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-13 10:44 - 2015-11-14 08:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-13 10:44 - 2015-11-14 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-13 10:42 - 2015-12-31 05:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-13 10:42 - 2015-12-31 05:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-13 10:42 - 2015-12-31 05:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-01-13 10:42 - 2015-12-31 05:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-01-13 10:42 - 2015-12-31 05:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-01-13 10:42 - 2015-12-31 05:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-01-13 10:42 - 2015-12-31 05:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-01-13 10:42 - 2015-12-31 05:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-01-13 10:42 - 2015-12-31 05:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-01-13 10:42 - 2015-12-31 05:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-01-13 10:42 - 2015-12-31 05:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-01-13 10:42 - 2015-12-31 05:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-01-13 10:42 - 2015-12-31 04:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-01-13 10:42 - 2015-12-31 04:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-13 10:42 - 2015-12-31 04:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-01-13 10:42 - 2015-12-31 04:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-13 10:42 - 2015-12-31 04:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-01-13 10:42 - 2015-12-31 04:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-01-13 10:42 - 2015-12-31 04:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-01-13 10:42 - 2015-12-31 04:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-01-13 10:42 - 2015-12-31 04:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-01-13 10:42 - 2015-12-31 04:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-01-13 10:42 - 2015-12-31 04:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-13 10:42 - 2015-12-31 04:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-13 10:42 - 2015-12-31 04:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-01-13 10:42 - 2015-12-31 04:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-01-13 10:42 - 2015-12-31 04:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-13 10:42 - 2015-12-31 04:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-01-13 10:42 - 2015-12-31 04:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-01-13 10:42 - 2015-12-31 04:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-13 10:42 - 2015-12-31 04:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-01-13 10:42 - 2015-12-31 04:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-01-13 10:42 - 2015-12-31 04:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-01-13 10:42 - 2015-12-31 04:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 03:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-01-13 10:42 - 2015-12-31 03:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-01-13 10:42 - 2015-12-31 03:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-01-13 10:42 - 2015-12-31 03:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-01-13 10:42 - 2015-12-31 03:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-13 10:42 - 2015-12-31 03:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-01-13 10:42 - 2015-12-31 03:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-13 10:42 - 2015-12-31 03:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-01-13 10:42 - 2015-12-31 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-01-13 10:42 - 2015-12-31 03:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-01-13 10:42 - 2015-12-31 03:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-01-13 10:42 - 2015-12-31 03:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-01-13 10:42 - 2015-12-31 03:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-01-13 10:42 - 2015-12-31 03:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-01-13 10:42 - 2015-12-31 03:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 03:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 10:42 - 2015-12-31 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-13 10:42 - 2015-12-09 07:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-13 10:42 - 2015-12-09 07:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-13 10:42 - 2015-12-09 05:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-13 10:42 - 2015-12-09 05:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-13 10:42 - 2015-11-17 11:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-01-13 10:42 - 2015-11-17 11:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-01-13 10:42 - 2015-11-17 11:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-01-13 10:42 - 2015-11-17 11:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-01-13 10:42 - 2015-11-17 11:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-01-13 10:42 - 2015-11-17 11:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-01-13 10:42 - 2015-11-17 06:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-01-11 05:41 - 2016-01-14 03:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\CSECDViewer 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Sun 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\LocalLow\Sun 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\.oracle_jre_usage 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\Sun 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\LocalLow\Sun 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\HANNANs MAIN\.oracle_jre_usage 2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-01-06 14:01 - 2016-01-06 14:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-01-06 14:00 - 2016-01-06 14:00 - 00000000 ____D C:\ProgramData\Oracle 2016-01-06 14:00 - 2016-01-06 14:00 - 00000000 ____D C:\Program Files (x86)\Java 2016-01-06 13:59 - 2016-01-06 13:59 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\LocalLow\Oracle 2015-12-29 05:52 - 2016-01-20 10:52 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-24 12:12 - 2015-08-09 13:07 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-01-24 12:12 - 2014-07-03 09:12 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent 2016-01-24 12:11 - 2009-07-14 13:20 - 00000000 ____D C:\Windows 2016-01-24 12:08 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-24 12:08 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-24 12:02 - 2014-09-20 13:04 - 00001882 _____ C:\Users\Sony Reader #2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-24 12:02 - 2014-07-02 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-01-24 12:02 - 2014-07-02 12:34 - 00001764 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-24 12:02 - 2014-06-30 17:02 - 00001882 _____ C:\Users\INTERNET and EMAIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-24 12:02 - 2014-06-30 16:43 - 00001764 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-24 12:02 - 2014-06-30 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 2016-01-24 12:02 - 2014-06-30 15:30 - 00001894 _____ C:\Users\HANNANs MAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-24 12:02 - 2009-07-14 15:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-24 12:02 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf 2016-01-24 11:56 - 2015-12-15 22:58 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\LocalLow\uTorrent 2016-01-24 11:56 - 2014-07-09 21:12 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref 2016-01-24 11:56 - 2014-06-30 16:28 - 00030528 _____ C:\Windows\GVTDrv64.sys 2016-01-24 11:55 - 2015-12-01 21:20 - 00003388 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1000 2016-01-24 11:55 - 2015-12-01 21:20 - 00003268 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3000898737-217439702-1717454642-1000 2016-01-24 11:55 - 2015-08-20 03:17 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-01-24 11:55 - 2015-08-09 13:07 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-01-24 11:55 - 2014-07-02 14:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-24 11:55 - 2014-06-30 16:53 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2016-01-24 11:54 - 2015-07-01 22:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-01-24 11:54 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-23 22:52 - 2014-09-17 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-23 22:51 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\tracing 2016-01-23 22:50 - 2014-07-02 14:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-23 18:50 - 2014-07-14 21:16 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Mozilla 2016-01-23 17:56 - 2015-12-15 11:50 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\LocalLow\uTorrent 2016-01-23 17:56 - 2015-12-01 21:23 - 00003400 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1001 2016-01-23 17:56 - 2015-12-01 21:23 - 00003292 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3000898737-217439702-1717454642-1001 2016-01-23 17:56 - 2015-08-09 13:11 - 00000000 ___RD C:\Users\INTERNET and EMAIL\Dropbox 2016-01-23 17:56 - 2015-08-09 13:07 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\Dropbox 2016-01-23 14:35 - 2014-08-14 06:52 - 00000000 ___RD C:\Users\HANNANs MAIN\Virtual Machines 2016-01-23 14:35 - 2009-07-14 14:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-01-21 23:39 - 2015-03-14 23:27 - 00000000 ____D C:\Program Files (x86)\LeagueofLegends 2016-01-21 16:54 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF 2016-01-20 19:42 - 2014-07-09 21:48 - 00000000 ____D C:\Log 2016-01-20 10:52 - 2014-09-17 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-20 10:52 - 2014-07-02 13:17 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-20 10:52 - 2014-07-02 13:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-15 03:00 - 2014-08-12 18:46 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-14 04:14 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache 2016-01-14 03:37 - 2014-06-30 15:30 - 00000000 ____D C:\Users\HANNANs MAIN 2016-01-14 03:36 - 2014-07-09 22:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-14 03:36 - 2014-07-09 22:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-14 03:36 - 2014-07-02 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-14 03:36 - 2009-07-14 14:45 - 00290112 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-14 03:33 - 2014-12-11 03:29 - 00000000 ____D C:\Windows\system32\appraiser 2016-01-14 03:33 - 2014-07-02 18:11 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-01-14 03:17 - 2014-07-09 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-14 03:16 - 2014-07-09 22:21 - 00000000 ____D C:\Windows\system32\MRT 2016-01-14 03:05 - 2014-07-09 22:21 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-01-06 14:01 - 2014-06-30 17:02 - 00000000 ____D C:\Users\INTERNET and EMAIL 2016-01-03 20:24 - 2014-07-03 20:03 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\CrashDumps 2015-12-30 17:15 - 2014-08-16 16:10 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\CutePDF Writer ==================== Files in the root of some directories ======= 2014-08-12 22:55 - 2014-08-12 22:55 - 0000017 _____ () C:\Users\HANNANs MAIN\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== C:\Users\HANNANs MAIN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxqsmlt.dll C:\Users\HANNANs MAIN\AppData\Local\Temp\FreeAudioConverter.exe C:\Users\HANNANs MAIN\AppData\Local\Temp\lowproc.exe C:\Users\HANNANs MAIN\AppData\Local\Temp\stubhelper.dll C:\Users\HANNANs MAIN\AppData\Local\Temp\vcredist_x86.exe C:\Users\INTERNET and EMAIL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpous71p.dll C:\Users\INTERNET and EMAIL\AppData\Local\Temp\hib9128.exe C:\Users\INTERNET and EMAIL\AppData\Local\Temp\InstallIMVU_522.0.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-19 00:35 ==================== End of FRST.txt ============================