
nooxsovi.exe What is this? [Closed]


  • This topic is locked

#1
OldDonH

    New Member

  • Member
  • 8 posts

I have been having some trouble with a virus/malware infection and have discovered a process running called nooxsovi.exe. Searches on the internet do not come up with any hits relating to this application.

It sits in a folder under ProgramData called Frarnuxof that contains 1 file dat (Video CD Movie [0Kb]) and one folder named 1.0.7.1 that contains 3 files: nooxsovi.exe (153Kb), nooxsovi.exe.config (1Kb) and sqlite3.dll (636Kb).

 

Does anybody know what this is?

 

Cheers


  • 0


#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you. Please read these carefully.
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

Files that have no information found on them are usually not a good thing. So, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

  • 0
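Added example, not part of the thread and not FRST's own code: one way to triage the Processes section of an FRST.txt log is to pull out running images whose publisher field is empty, the "no information" case mentioned above. The sample log lines are constructed, and the two extra context checks (a ProgramData or AppData location, a non-.exe image) are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the layout FRST uses for its Processes section:
# "(publisher) full path". All names and paths here are made up.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Example Vendor Inc.) C:\Program Files\ExampleVendor\agent.exe
() C:\ProgramData\Qwxzrt\1.0.0.0\qwxzrt.exe
() C:\Program Files (x86)\ExampleVendor\Updater\updsvc.exe
() C:\Program Files (x86)\00000000-0000\abcd1234.tmp
(Some Publisher) C:\Users\demo\AppData\Roaming\tool\tool.exe
() C:\ProgramData\Qwxzrt\1.0.0.0\qwxzrt.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [Agent] => C:\Program Files\ExampleVendor\agent.exe [1000 2015-01-01] (Example Vendor Inc.)
"""

# "==== Section name ====" headers; the name must not itself start with "=".
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# "(publisher) X:\path"; the publisher may be empty, as in "() C:\...".
PROCESS_RE = re.compile(r"^\((?P<publisher>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")


@dataclass
class Finding:
    path: str
    instances: int   # how many times the image appears in the process list
    reasons: list    # human-readable reasons, the first is always the same


def process_entries(log_text):
    """Yield (publisher, path) for lines inside the Processes section only."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section and section.startswith("Processes"):
            m = PROCESS_RE.match(line)
            if m:
                yield m.group("publisher").strip(), m.group("path").strip()


def triage(log_text):
    """Return Findings for running images that carry no publisher string."""
    counts = Counter(process_entries(log_text))
    findings = []
    for (publisher, path), n in counts.items():
        if publisher:
            continue  # only the empty-publisher case is reported
        reasons = ["no publisher information"]
        win_path = PureWindowsPath(path)
        parts = [p.lower() for p in win_path.parts]
        # Assumption of this example: data directories are unusual
        # places for a long-running program to live.
        if (len(parts) > 1 and parts[1] == "programdata") or "appdata" in parts:
            reasons.append("runs from a user-writable data directory")
        # Assumption of this example: a process image is normally a .exe.
        if win_path.suffix.lower() != ".exe":
            reasons.append("image is not a .exe file")
        findings.append(Finding(path, n, reasons))
    # Most reasons first, then most instances, then path for stable output.
    findings.sort(key=lambda f: (-len(f.reasons), -f.instances, f.path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.instances}x {f.path}: {'; '.join(f.reasons)}")
```

An empty publisher field is only a reason to look closer; several legitimate programs ship without one, so each hit still needs a manual check.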

#3
OldDonH

    New Member

  • Topic Starter
  • Member
  • 8 posts

downloaded and ran the specified tool

 

FRST log attached here

 

Attached Files

  • Attached File  FRST.txt   79.52KB   88 downloads

  • 0

#4
OldDonH

    New Member

  • Topic Starter
  • Member
  • 8 posts

second file as requested

 

Addition log file

 


  • 0

#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

I'm in the process of analyzing your logs, but I must request that you copy and paste the logs into a reply to this thread. It makes going through them so much easier. :) I'm going to post the 2 initial logs to this thread.

I'll be back soon with instructions. :thumbsup:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by HANNANs MAIN (administrator) on HANNANSMAIN-PC (24-01-2016 12:12:00)
Running from C:\Users\HANNANs MAIN\Downloads
Loaded Profiles: HANNANs MAIN (Available Profiles: HANNANs MAIN & INTERNET and EMAIL & Sony Reader #2)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\HANNANs MAIN\AppData\Local\BrowserAir\Application\BrowserAir.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Copyright © Microsoft 2015) C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
() C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp
() C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp
(Ratio Applications) C:\ProgramData\NpKvXvKyf\nSnXqH.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
() C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Gigabyte) C:\Program Files (x86)\GIGABYTE\UpdManager\RunUpd.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\uTorrent.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [SmartViewAgent] => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286992 2015-12-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [mbot_au_014010212] => [X]
HKLM-x32\...\Run: [gmsd_au_005010215] => [X]
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2010-08-23] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [GBTUpd] => C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2014-07-02] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [uTorrent] => C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-14] (Lavasoft)
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\MountPoints2: {1cc10c15-01d6-11e4-ad2a-1c6f65ab92e7} - G:\unlock.exe autoplay=true
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => No File
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-12-01]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-14] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{F8B7F7CB-B4B6-4393-949C-21D52EE472C5}: [DhcpNameServer] 192.168.1.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ninemsn.com.au/
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {13C0AFA4-A510-45d1-ACD0-E40044494920} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {C7E93CBC-FD52-44DC-8FAF-B363FCCCC32E} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {CB7DDC92-966B-4768-911E-BC095AEDF707} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll [2011-01-21] (Splashtop Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-06] (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1431684967&z=ed7cc0587e2e93790e1ae65gez9c0gaqab3z5tem7t&from=wpm05153&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826

FireFox:
========
FF ProfilePath: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D121315-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-12-01] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-12-01] (RealPlayer)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default\searchplugins\bing-lavasoft.xml [2015-12-14]
FF SearchPlugin: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default\searchplugins\smod.xml [2016-01-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2016-01-24] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www.ninemsn.com.au/","hxxps://www.google.com.au/"
CHR Profile: C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-01]
CHR Extension: (Google Drive) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (YouTube) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Google Search) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01]
CHR Extension: (Gmail) - C:\Users\HANNANs MAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR HKU\S-1-5-21-3000898737-217439702-1717454642-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-09] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-11] (Digital Wave Ltd.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-14] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-03] (McAfee, Inc.)
R2 msdotnetserv_v2050737; C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe [3391488 2015-11-27] (Copyright © Microsoft 2015) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
R2 nSnXqH; C:\ProgramData\NpKvXvKyf\nSnXqH.exe [3001824 2016-01-23] (Ratio Applications)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-01] (RealNetworks, Inc.)
R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-14] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 wucotusy; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp [416256 2016-01-20] () [File not signed]
R2 zutuzuni; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp [307712 2016-01-20] () [File not signed]
R2 posinojyzbt; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs [X]
S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-01-24] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-08-23] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140928.002\ENG64.SYS [129752 2014-08-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140928.002\EX64.SYS [2137304 2014-08-23] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19912 2009-12-21] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-07-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 12:12 - 2016-01-24 12:12 - 00034842 _____ C:\Users\HANNANs MAIN\Downloads\FRST.txt
2016-01-24 12:11 - 2016-01-24 12:12 - 00000000 ____D C:\FRST
2016-01-24 12:09 - 2016-01-24 12:09 - 02370560 _____ (Farbar) C:\Users\HANNANs MAIN\Downloads\FRST64.exe
2016-01-24 12:02 - 2016-01-24 12:02 - 00001822 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-24 11:55 - 2016-01-24 12:02 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\speed browser
2016-01-23 19:20 - 2016-01-24 12:02 - 00000000 ____D C:\Program Files (x86)\speed browser
2016-01-23 19:20 - 2016-01-23 19:20 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\speed browser
2016-01-23 19:18 - 2016-01-23 19:18 - 00000000 ____D C:\ProgramData\Browser
2016-01-23 19:11 - 2016-01-23 19:11 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\Western Digital
2016-01-23 14:40 - 2016-01-23 14:40 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2016-01-23 14:38 - 2016-01-23 14:38 - 00001144 _____ C:\Users\HANNANs MAIN\Desktop\Live PC Help.lnk
2016-01-23 09:10 - 2016-01-23 18:47 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\TVTime
2016-01-23 09:10 - 2016-01-23 09:10 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Systweak
2016-01-23 09:08 - 2016-01-23 09:08 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\gmsd_au_005010215
2016-01-23 08:54 - 2016-01-24 12:00 - 00003428 _____ C:\Windows\System32\Tasks\Frarnuxof
2016-01-23 08:54 - 2016-01-23 08:54 - 00000000 ____D C:\ProgramData\Frarnuxof
2016-01-23 08:52 - 2016-01-23 14:38 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\systweak
2016-01-23 08:52 - 2016-01-23 08:52 - 00001277 _____ C:\Users\Public\Desktop\Solid YouTube Downloader and Converter.lnk
2016-01-23 08:52 - 2016-01-23 08:52 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\youtube-downloader-and-converter
2016-01-23 08:52 - 2016-01-23 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2016-01-23 08:52 - 2016-01-23 08:52 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2016-01-23 08:52 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
2016-01-23 08:51 - 2016-01-23 08:51 - 00000000 ____D C:\TVTime
2016-01-23 08:51 - 2016-01-23 08:51 - 00000000 ____D C:\ProgramData\PlayGemConfig
2016-01-23 08:49 - 2016-01-24 12:07 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\TVTime
2016-01-23 08:49 - 2016-01-23 08:49 - 00000000 ____D C:\ProgramData\NpKvXvKyf
2016-01-22 21:38 - 2016-01-22 21:38 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WindoWeather
2016-01-22 21:37 - 2016-01-22 21:38 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\00000000-1453498678-0000-0000-1C6F65AB92E7
2016-01-21 21:10 - 2016-01-21 21:10 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\Wise Registry Cleaner
2016-01-21 20:52 - 2016-01-20 19:42 - 00001003 _____ C:\Windows\system32\Drivers\etc\hosts.20160121-205231.backup
2016-01-21 19:58 - 2016-01-21 19:58 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-20 20:02 - 2016-01-20 20:02 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\Lavasoft
2016-01-20 19:57 - 2016-01-20 19:57 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\mbot_au_014010212
2016-01-20 19:53 - 2016-01-20 19:53 - 00003540 _____ C:\Windows\System32\Tasks\Inst_Rep
2016-01-20 19:44 - 2016-01-20 20:05 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\00000000-1453319056-0000-0000-1C6F65AB92E7
2016-01-20 19:43 - 2016-01-23 21:13 - 00000000 ____D C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7
2016-01-20 19:43 - 2016-01-20 19:42 - 00001003 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-20 19:42 - 2016-01-21 19:45 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\BrowserAir
2016-01-20 19:42 - 2016-01-20 19:42 - 00003364 _____ C:\Windows\System32\Tasks\IBUpd2
2016-01-20 19:40 - 2016-01-21 19:45 - 00022184 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2016-01-13 10:44 - 2015-12-24 09:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 10:44 - 2015-12-24 08:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 10:44 - 2015-12-13 04:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 10:44 - 2015-12-13 04:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 10:44 - 2015-12-13 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 10:44 - 2015-12-13 04:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 10:44 - 2015-12-13 04:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 10:44 - 2015-12-13 04:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 10:44 - 2015-12-13 04:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 10:44 - 2015-12-13 04:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 10:44 - 2015-12-13 04:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 10:44 - 2015-12-13 04:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 10:44 - 2015-12-13 04:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 10:44 - 2015-12-13 04:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 10:44 - 2015-12-13 04:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 10:44 - 2015-12-13 04:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 10:44 - 2015-12-13 04:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 10:44 - 2015-12-13 04:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 10:44 - 2015-12-13 04:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 10:44 - 2015-12-13 04:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 10:44 - 2015-12-13 03:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 10:44 - 2015-12-13 03:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 10:44 - 2015-12-13 03:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 10:44 - 2015-12-13 03:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 10:44 - 2015-12-13 03:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 10:44 - 2015-12-13 03:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 10:44 - 2015-12-13 03:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 10:44 - 2015-12-13 03:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 10:44 - 2015-12-13 03:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 10:44 - 2015-12-13 03:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 10:44 - 2015-12-13 03:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 10:44 - 2015-12-13 03:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 10:44 - 2015-12-13 03:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 10:44 - 2015-12-13 03:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 10:44 - 2015-12-13 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 10:44 - 2015-12-13 03:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 10:44 - 2015-12-13 03:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 10:44 - 2015-12-13 03:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 10:44 - 2015-12-13 03:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 10:44 - 2015-12-13 03:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 10:44 - 2015-12-13 03:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 10:44 - 2015-12-13 03:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 10:44 - 2015-12-13 03:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 10:44 - 2015-12-13 03:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 10:44 - 2015-12-13 03:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 10:44 - 2015-12-13 03:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 10:44 - 2015-12-13 03:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 10:44 - 2015-12-13 03:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 10:44 - 2015-12-13 03:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 10:44 - 2015-12-13 03:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 10:44 - 2015-12-13 03:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 10:44 - 2015-12-13 03:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 10:44 - 2015-12-13 03:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 10:44 - 2015-12-13 03:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 10:44 - 2015-12-13 03:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 10:44 - 2015-12-13 03:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 10:44 - 2015-12-13 03:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 10:44 - 2015-12-13 03:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 10:44 - 2015-12-13 03:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 10:44 - 2015-12-13 02:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 10:44 - 2015-12-13 02:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 10:44 - 2015-12-13 02:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 10:44 - 2015-12-13 02:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 10:44 - 2015-12-13 02:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 10:44 - 2015-12-12 04:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 10:44 - 2015-12-09 07:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 10:44 - 2015-12-09 07:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 10:44 - 2015-12-09 07:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 10:44 - 2015-12-09 07:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 10:44 - 2015-12-09 07:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 10:44 - 2015-12-09 07:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 10:44 - 2015-12-09 07:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 10:44 - 2015-12-09 07:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 10:44 - 2015-12-09 07:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 10:44 - 2015-12-09 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 10:44 - 2015-12-09 05:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 10:44 - 2015-12-09 05:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 10:44 - 2015-12-09 05:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 10:44 - 2015-12-09 05:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 10:44 - 2015-12-09 05:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 10:44 - 2015-12-09 05:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 10:44 - 2015-12-09 04:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 10:44 - 2015-12-09 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 10:44 - 2015-12-09 04:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 10:44 - 2015-12-09 03:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 10:44 - 2015-11-14 09:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 10:44 - 2015-11-14 09:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 10:44 - 2015-11-14 09:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 10:44 - 2015-11-14 08:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 10:44 - 2015-11-14 08:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 10:44 - 2015-11-14 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 10:42 - 2015-12-31 05:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 10:42 - 2015-12-31 05:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 10:42 - 2015-12-31 05:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 10:42 - 2015-12-31 05:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 10:42 - 2015-12-31 05:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 10:42 - 2015-12-31 05:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 10:42 - 2015-12-31 05:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 10:42 - 2015-12-31 05:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 10:42 - 2015-12-31 05:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 10:42 - 2015-12-31 05:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 10:42 - 2015-12-31 05:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 10:42 - 2015-12-31 05:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 10:42 - 2015-12-31 04:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 10:42 - 2015-12-31 04:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 10:42 - 2015-12-31 04:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 10:42 - 2015-12-31 04:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 10:42 - 2015-12-31 04:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 10:42 - 2015-12-31 04:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 10:42 - 2015-12-31 04:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 10:42 - 2015-12-31 04:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 10:42 - 2015-12-31 04:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 10:42 - 2015-12-31 04:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 10:42 - 2015-12-31 04:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 10:42 - 2015-12-31 04:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 10:42 - 2015-12-31 04:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 10:42 - 2015-12-31 04:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 10:42 - 2015-12-31 04:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 10:42 - 2015-12-31 04:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 10:42 - 2015-12-31 04:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 10:42 - 2015-12-31 04:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 10:42 - 2015-12-31 04:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 10:42 - 2015-12-31 04:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 10:42 - 2015-12-31 04:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 10:42 - 2015-12-31 04:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 03:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 10:42 - 2015-12-31 03:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 10:42 - 2015-12-31 03:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 10:42 - 2015-12-31 03:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 10:42 - 2015-12-31 03:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 10:42 - 2015-12-31 03:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 10:42 - 2015-12-31 03:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 10:42 - 2015-12-31 03:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 10:42 - 2015-12-31 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 10:42 - 2015-12-31 03:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 10:42 - 2015-12-31 03:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 10:42 - 2015-12-31 03:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 10:42 - 2015-12-31 03:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 10:42 - 2015-12-31 03:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 10:42 - 2015-12-31 03:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 03:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 10:42 - 2015-12-31 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 10:42 - 2015-12-09 07:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 10:42 - 2015-12-09 07:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 10:42 - 2015-12-09 05:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 10:42 - 2015-12-09 05:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 10:42 - 2015-11-17 11:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 10:42 - 2015-11-17 11:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 10:42 - 2015-11-17 11:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 10:42 - 2015-11-17 11:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 10:42 - 2015-11-17 11:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 10:42 - 2015-11-17 11:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 10:42 - 2015-11-17 06:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-11 05:41 - 2016-01-14 03:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\CSECDViewer
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Sun
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\LocalLow\Sun
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\INTERNET and EMAIL\.oracle_jre_usage
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Roaming\Sun
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\LocalLow\Sun
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\Users\HANNANs MAIN\.oracle_jre_usage
2016-01-06 14:01 - 2016-01-06 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-06 14:01 - 2016-01-06 14:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-06 14:00 - 2016-01-06 14:00 - 00000000 ____D C:\ProgramData\Oracle
2016-01-06 14:00 - 2016-01-06 14:00 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-06 13:59 - 2016-01-06 13:59 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\LocalLow\Oracle
2015-12-29 05:52 - 2016-01-20 10:52 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 12:12 - 2015-08-09 13:07 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-24 12:12 - 2014-07-03 09:12 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent
2016-01-24 12:11 - 2009-07-14 13:20 - 00000000 ____D C:\Windows
2016-01-24 12:08 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-24 12:08 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-24 12:02 - 2014-09-20 13:04 - 00001882 _____ C:\Users\Sony Reader #2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 12:02 - 2014-07-02 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-24 12:02 - 2014-07-02 12:34 - 00001764 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-24 12:02 - 2014-06-30 17:02 - 00001882 _____ C:\Users\INTERNET and EMAIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 12:02 - 2014-06-30 16:43 - 00001764 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-24 12:02 - 2014-06-30 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2016-01-24 12:02 - 2014-06-30 15:30 - 00001894 _____ C:\Users\HANNANs MAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 12:02 - 2009-07-14 15:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-24 12:02 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2016-01-24 11:56 - 2015-12-15 22:58 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\LocalLow\uTorrent
2016-01-24 11:56 - 2014-07-09 21:12 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2016-01-24 11:56 - 2014-06-30 16:28 - 00030528 _____ C:\Windows\GVTDrv64.sys
2016-01-24 11:55 - 2015-12-01 21:20 - 00003388 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1000
2016-01-24 11:55 - 2015-12-01 21:20 - 00003268 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3000898737-217439702-1717454642-1000
2016-01-24 11:55 - 2015-08-20 03:17 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-01-24 11:55 - 2015-08-09 13:07 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-24 11:55 - 2014-07-02 14:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-24 11:55 - 2014-06-30 16:53 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-01-24 11:54 - 2015-07-01 22:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-01-24 11:54 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-23 22:52 - 2014-09-17 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-23 22:51 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\tracing
2016-01-23 22:50 - 2014-07-02 14:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-23 18:50 - 2014-07-14 21:16 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Roaming\Mozilla
2016-01-23 17:56 - 2015-12-15 11:50 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\LocalLow\uTorrent
2016-01-23 17:56 - 2015-12-01 21:23 - 00003400 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1001
2016-01-23 17:56 - 2015-12-01 21:23 - 00003292 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3000898737-217439702-1717454642-1001
2016-01-23 17:56 - 2015-08-09 13:11 - 00000000 ___RD C:\Users\INTERNET and EMAIL\Dropbox
2016-01-23 17:56 - 2015-08-09 13:07 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\Dropbox
2016-01-23 14:35 - 2014-08-14 06:52 - 00000000 ___RD C:\Users\HANNANs MAIN\Virtual Machines
2016-01-23 14:35 - 2009-07-14 14:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-21 23:39 - 2015-03-14 23:27 - 00000000 ____D C:\Program Files (x86)\LeagueofLegends
2016-01-21 16:54 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-20 19:42 - 2014-07-09 21:48 - 00000000 ____D C:\Log
2016-01-20 10:52 - 2014-09-17 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 10:52 - 2014-07-02 13:17 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 10:52 - 2014-07-02 13:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-15 03:00 - 2014-08-12 18:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 04:14 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2016-01-14 03:37 - 2014-06-30 15:30 - 00000000 ____D C:\Users\HANNANs MAIN
2016-01-14 03:36 - 2014-07-09 22:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 03:36 - 2014-07-09 22:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 03:36 - 2014-07-02 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-14 03:36 - 2009-07-14 14:45 - 00290112 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 03:33 - 2014-12-11 03:29 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 03:33 - 2014-07-02 18:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 03:17 - 2014-07-09 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-14 03:16 - 2014-07-09 22:21 - 00000000 ____D C:\Windows\system32\MRT
2016-01-14 03:05 - 2014-07-09 22:21 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-06 14:01 - 2014-06-30 17:02 - 00000000 ____D C:\Users\INTERNET and EMAIL
2016-01-03 20:24 - 2014-07-03 20:03 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\CrashDumps
2015-12-30 17:15 - 2014-08-16 16:10 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\CutePDF Writer

==================== Files in the root of some directories =======

2014-08-12 22:55 - 2014-08-12 22:55 - 0000017 _____ () C:\Users\HANNANs MAIN\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\HANNANs MAIN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxqsmlt.dll
C:\Users\HANNANs MAIN\AppData\Local\Temp\FreeAudioConverter.exe
C:\Users\HANNANs MAIN\AppData\Local\Temp\lowproc.exe
C:\Users\HANNANs MAIN\AppData\Local\Temp\stubhelper.dll
C:\Users\HANNANs MAIN\AppData\Local\Temp\vcredist_x86.exe
C:\Users\INTERNET and EMAIL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpous71p.dll
C:\Users\INTERNET and EMAIL\AppData\Local\Temp\hib9128.exe
C:\Users\INTERNET and EMAIL\AppData\Local\Temp\InstallIMVU_522.0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 00:35

==================== End of FRST.txt ============================

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by HANNANs MAIN (2016-01-24 12:12:34)
Running from C:\Users\HANNANs MAIN\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-06-30 05:30:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3000898737-217439702-1717454642-500 - Administrator - Disabled)
Guest (S-1-5-21-3000898737-217439702-1717454642-501 - Limited - Disabled)
HANNANs MAIN (S-1-5-21-3000898737-217439702-1717454642-1000 - Administrator - Enabled) => C:\Users\HANNANs MAIN
HomeGroupUser$ (S-1-5-21-3000898737-217439702-1717454642-1007 - Limited - Enabled)
INTERNET and EMAIL (S-1-5-21-3000898737-217439702-1717454642-1001 - Limited - Enabled) => C:\Users\INTERNET and EMAIL
Sony Reader #2 (S-1-5-21-3000898737-217439702-1717454642-1008 - Administrator - Enabled) => C:\Users\Sony Reader #2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE)
µTorrent (HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{2342B0FF-6738-4AD5-9BD2-563C55ED9D63}) (Version: 2.28.0 - Kovid Goyal)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Face_Wizard B10.1005.01 (HKLM-x32\...\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}) (Version: 1.00.0000 - Gigabyte)
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.0.10.1211 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
iCare Data Recovery Professional 4.6.4 (HKLM-x32\...\iCare Data Recovery Professional_is1) (Version: - iCare Software)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
Nero 8 Essentials (HKLM-x32\...\{10B5900B-1217-458E-B3DA-E0A2E4A01033}) (Version: 8.10.366 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Smart 6 B10.1023.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Solid YouTube Downloader and Converter 6.2.0.1 (HKLM-x32\...\{1E911896-3755-4272-99B1-4D18D24D0E19}_is1) (Version: - DreamVideoSoft,Inc.)
Splashtop Connect IE (HKLM-x32\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
Update Manager B10.0728.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Web Companion (HKLM-x32\...\{6fe952c2-897a-42bb-8df9-7fe31f40dbf2}) (Version: 2.1.1265.2535 - Lavasoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0875B8FE-5303-42DB-BCF2-C028D5A06BE2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {095867A2-F65A-4650-A8C0-F9B461A7EE3F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {0E87EB17-72B3-4F1E-811F-A9AAAA824EAE} - System32\Tasks\Inst_Rep => C:\Users\HANNANs MAIN\AppData\Local\Installer\Install_11042\nslBC30.tmp [2016-01-20] () <==== ATTENTION
Task: {122E5B9D-CBCB-4020-A617-0D82320406E8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {31E46497-8FA1-4E14-A08B-6DCD131EF382} - System32\Tasks\IBUpd2 => C:\Users\HANNANs
Task: {323A98AF-2BF2-45AA-96D9-0A2BC1CDFBB6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {3C5B669B-9878-42B4-ACB9-B560FA406BFD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4C77EE6F-EEE6-4379-81D1-9E716C2BBA02} - System32\Tasks\Frarnuxof => C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe [2016-01-23] ()
Task: {56928D47-9832-4522-863E-68ADBAD9B355} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5F6F9F7C-4975-4033-BAD6-895BD2726841} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {5F779B95-D049-4B6C-8A53-E844AAC897FF} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {87360316-F61B-4547-AF6D-9EB418B508EB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-09] (Dropbox, Inc.)
Task: {948DD062-983A-41C9-ABFB-4D1D84B827A1} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {94A796FD-E686-4A71-8C88-E1FEDBE97D0D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {9A7D0054-245E-4FDF-BE1D-B70C834EF5AC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {AAA1B54F-A96C-4851-AF3B-4C25A50FF97F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B16C6302-EACD-4D23-ABC5-CCAB4D7A360B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B8DD3F8C-E777-484E-8A4C-6ED6E3583615} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-09] (Dropbox, Inc.)
Task: {BCCE3DDF-C38A-45E8-A4C7-46E2F06612E5} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {BE6B53DF-BDAA-411E-B8A5-0E56725B8FFB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3000898737-217439702-1717454642-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)
Task: {D169FCA8-8B36-4E3D-92C4-28A9873692FC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3000898737-217439702-1717454642-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {DBDA89A2-4327-436A-9A92-3885E0AA843D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3000898737-217439702-1717454642-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E7188AFC-5440-4865-B735-F94376C97B29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E9AEAF8C-C745-41EA-96BC-81AF2E889FCB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {EEBF828C-53CD-46AF-BD20-73F0944C9849} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\HANNANs MAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Games.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c "start hxxp://socialgames.splashtop.com/redirectGames/?oem=protobcu01^&os=Windows^&p=H67A-UD3H-B3^&pv=1.1.12^&v=1^&flv=^&c=3081^&t=e494e99a96d533538bccca08af565816^&l=en-AU"

==================== Loaded Modules (Whitelisted) ==============

2014-07-03 18:59 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-23 08:54 - 2016-01-23 08:54 - 00156672 _____ () C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe
2016-01-20 11:08 - 2016-01-20 11:08 - 00274432 _____ () C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-12-14 08:29 - 2015-12-14 08:29 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-12-14 08:29 - 2015-12-14 08:29 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-01-20 19:43 - 2016-01-20 19:43 - 00416256 _____ () C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp
2016-01-20 19:43 - 2016-01-20 19:43 - 00307712 _____ () C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp
2014-06-30 16:47 - 2014-06-30 16:47 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
2008-03-25 17:21 - 2014-07-02 12:21 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-04 13:28 - 2015-11-04 13:28 - 00719632 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-08-25 21:40 - 2015-12-11 01:34 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-02-09 22:37 - 2015-12-11 01:34 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-02-09 22:37 - 2015-12-11 01:34 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2014-08-25 21:40 - 2015-12-11 01:34 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2014-08-25 21:40 - 2015-12-11 01:34 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-02-09 22:37 - 2015-12-11 01:34 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2014-07-03 19:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-03 19:12 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-03 19:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-03 19:12 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-03 19:12 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-10-24 14:58 - 2014-07-02 12:22 - 02887751 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2010-10-22 19:02 - 2014-07-02 12:22 - 00651327 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2010-01-12 17:09 - 2014-07-02 12:22 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 15:22 - 2008-05-07 15:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2010-10-19 10:59 - 2014-07-02 12:21 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2009-12-22 16:52 - 2014-07-02 12:23 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 15:50 - 2010-06-24 15:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2010-09-30 08:45 - 2010-09-30 08:45 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2014-07-02 12:26 - 2014-07-02 12:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2010-10-19 20:27 - 2014-07-02 12:22 - 01499200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2009-10-21 14:07 - 2014-07-02 12:21 - 01335358 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2010-10-21 20:50 - 2014-07-02 12:21 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 14:11 - 2003-02-14 14:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2010-06-10 15:52 - 2014-07-02 12:19 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2010-03-12 05:40 - 2014-07-02 12:22 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2010-03-12 05:40 - 2014-07-02 12:21 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2010-10-22 10:41 - 2014-07-02 12:21 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2015-12-14 08:29 - 2015-12-14 08:29 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-12-14 08:29 - 2015-12-14 08:29 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-12-01 21:20 - 2015-12-01 21:20 - 00089360 _____ () C:\Program Files (x86)\Real\RealPlayer\CrashRpt\CrashRpt1402.dll
2015-12-01 21:19 - 2015-12-01 21:19 - 00022312 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\mediautil.dll
2015-12-01 21:19 - 2015-12-01 21:19 - 01520936 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avformat-55.dll
2015-12-01 21:19 - 2015-12-01 21:19 - 04274984 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2015-12-01 21:19 - 2015-12-01 21:19 - 00322856 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avutil-52.dll
2014-10-24 21:34 - 2014-10-24 21:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:46 - 2014-04-25 21:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2015-12-13 13:34 - 2015-10-31 10:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-13 13:33 - 2015-10-31 11:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-13 13:33 - 2015-10-31 10:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-13 13:34 - 2015-10-31 10:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-13 13:34 - 2015-10-31 10:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-13 13:34 - 2015-12-09 07:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-13 13:33 - 2015-10-31 10:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-13 13:34 - 2015-12-09 07:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-13 13:34 - 2015-10-31 10:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-13 13:34 - 2015-12-09 07:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 13:34 - 2015-12-09 07:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-13 13:33 - 2015-10-31 11:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-13 13:34 - 2015-12-09 07:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-13 13:33 - 2015-10-31 11:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-13 13:34 - 2015-10-31 11:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-13 13:34 - 2015-12-09 07:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 13:34 - 2015-10-31 10:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-13 13:33 - 2015-10-31 10:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-13 13:33 - 2015-10-31 11:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-13 13:33 - 2015-12-09 07:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-13 13:34 - 2015-10-31 11:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-13 13:33 - 2015-12-09 07:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-13 13:34 - 2015-12-09 07:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-11-04 13:20 - 2015-11-04 13:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-12-01 21:19 - 2015-12-01 21:19 - 00653608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2015-11-04 13:28 - 2015-11-04 13:28 - 00077584 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecd8-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecd9-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecda-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecdb-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecdc-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecdd-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a45ff-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4600-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4601-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4602-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4603-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4604-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf01d-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf01e-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf01f-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf020-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf021-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf022-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\webcompanion.com -> hxxp://webcompanion.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2016-01-21 20:52 - 00450864 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15465 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3000898737-217439702-1717454642-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HANNANs MAIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{20317BFF-8444-46C6-A1DB-DF5915B935C5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15A9B8DB-3F6A-4729-A2C2-653767FFF67C}] => (Allow) LPort=2869
FirewallRules: [{7A17D30E-A7B8-4FCE-8D0D-10F263CDD09B}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{56956A1A-DADF-4799-94E8-670FCD23BC63}C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0A849686-8AC6-4049-83E0-091550E6C8AF}C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{7440E201-EF15-4B8A-BA83-1E19DBB6368A}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{8E08B4AD-8310-4D9A-A60C-C4B411504196}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{D8520DF3-A2C3-42DA-B005-616B6369A827}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{841189E2-9F6B-4EC1-8C8F-25F67945C3E2}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [{36109581-881B-4EBE-BD9A-8C73866D55E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9F353D8-2F40-4954-8ADB-D63CF27F024A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7BF618FC-CD1C-4A4C-8B3A-8A81BFF07408}C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EF7D32D0-CA5F-4808-ADD4-38D2BD9D373C}C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\internet and email\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F1FC6797-D390-49D5-A015-48B2DB9D29CB}] => (Allow) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6087F17F-8A90-4F75-A8C6-6F0660445AF0}] => (Allow) C:\Users\INTERNET and EMAIL\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6FB1C221-C1E5-4E19-A1D2-2207EF54551A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C186E074-E394-4CC2-9AD7-9D5DE83A356F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{58762716-9522-4926-9AC7-0AF54BFAC742}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{41945DC9-4F51-47A3-BA6C-7858EB590547}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{DBEF9804-E5C6-485A-A346-913E24ABF383}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{CAE35752-D40E-4017-84C2-1DB619582455}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [{DDC0F040-2644-4078-BD0B-D0285AAF7F79}] => (Allow) LPort=7770
FirewallRules: [{CC3C2D5A-ED41-4026-AD6F-2E19AB9A1EE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{110E2F16-09A6-4240-9747-B83575FBA6EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB07503A-5BA8-41F6-BF0B-EB286EB83EE5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3FA662E2-EAE4-462C-AAA4-59CD062D3D51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{78DE9EB4-8A00-48AF-BED9-28AEDDAD13CC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E5EE256F-A0E1-430C-A479-A23ADD8FEC70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90EF56FD-FB94-46E8-AF8B-66FD3ACD53D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B421501-0282-42EB-9D1F-643BB64EC9E7}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{A24FA1AD-F6E1-4AA1-AEAB-DD2F0B2F5497}C:\users\internet and email\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Block) C:\users\internet and email\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [UDP Query User{59ACA81E-FD8C-4588-B1F5-DC25F0C2BFA1}C:\users\internet and email\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Block) C:\users\internet and email\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [{74E5C149-1465-4D3D-9983-3FC42CAD8F3A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{81271075-1A70-43A5-AA27-0BD9DDEAE421}C:\users\hannans main\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hannans main\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C6E714BB-BBA8-45A2-BE99-103F9D5909CC}C:\users\hannans main\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hannans main\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F9576F2F-31B0-4A4A-963F-2CF914F0B2F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CE3B6ED6-7AD9-486D-8B2F-A4FDB1CD60E7}] => (Allow) C:\Users\HANNANs MAIN\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{0E15A04C-BC88-496A-BD04-397300C7955B}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe
FirewallRules: [{64655445-7193-48A9-9979-966E9626D903}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

06-12-2015 19:00:28 Windows Backup
08-12-2015 21:39:16 Windows Update
10-12-2015 03:00:11 Windows Update
13-12-2015 12:38:17 Windows Update
13-12-2015 19:00:12 Windows Backup
17-12-2015 12:38:45 Windows Update
19-12-2015 03:00:10 Windows Update
20-12-2015 19:00:19 Windows Backup
22-12-2015 07:14:35 Windows Update
26-12-2015 07:14:48 Windows Update
27-12-2015 19:00:33 Windows Backup
29-12-2015 18:05:27 Windows Update
02-01-2016 18:05:28 Windows Update
03-01-2016 20:09:31 Windows Backup
06-01-2016 19:37:40 Windows Update
10-01-2016 02:26:41 Windows Update
10-01-2016 19:00:22 Windows Backup
13-01-2016 11:31:38 Windows Update
14-01-2016 03:00:14 Windows Update
15-01-2016 03:00:18 Windows Update
17-01-2016 19:00:32 Windows Backup
18-01-2016 18:32:58 Windows Update
21-01-2016 19:54:27 Revo Uninstaller's restore point - WindoWeather 1.0
21-01-2016 20:03:51 Revo Uninstaller's restore point - DNS Unlocker version 1.4
21-01-2016 23:39:11 Removed League of Legends
22-01-2016 21:16:46 Windows Update
22-01-2016 22:39:28 Windows Update
23-01-2016 14:36:40 Revo Uninstaller's restore point - GamesDesktop 027.005010215
23-01-2016 14:38:43 Revo Uninstaller's restore point - RegClean Pro
23-01-2016 14:40:22 Revo Uninstaller's restore point - PlayGem 1.0
23-01-2016 14:42:27 Revo Uninstaller's restore point - TV Time
23-01-2016 14:50:33 Revo Uninstaller's restore point - Opera Stable 34.0.2036.50
23-01-2016 14:56:59 Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
24-01-2016 11:59:51 Revo Uninstaller's restore point - speed browser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2016 11:55:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2016 03:13:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2016 02:35:12 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (6464) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (01/23/2016 08:17:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 09:06:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2016 11:35:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2016 03:03:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2016 08:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BrowserAir.exe version 47.0.0.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4ec

Start Time: 01d1536a5f27aa77

Termination Time: 7

Application Path: C:\Users\HANNANs MAIN\AppData\Local\BrowserAir\Application\BrowserAir.exe

Report Id:

Error: (01/20/2016 08:04:21 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (6948) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (01/20/2016 07:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/23/2016 05:55:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/23/2016 02:35:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/23/2016 02:34:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (01/23/2016 09:03:54 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.

Error: (01/23/2016 09:03:54 AM) (Source: volsnap) (EventID: 16) (User: )
Description: The shadow copies of volume G: were aborted because volume G:, which contains shadow copy storage for this shadow copy, was force dismounted.

Error: (01/23/2016 08:52:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Microsoft .Net Framework v2.0.507237 ALP (X86) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/22/2016 10:39:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/21/2016 11:44:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 115.28.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/21/2016 11:44:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.213.3421.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/21/2016 11:44:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.213.3421.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8109.42 MB
Available physical RAM: 4973.57 MB
Total Virtual: 16217.05 MB
Available Virtual: 12762.39 MB

==================== Drives ================================

Drive c: (DISK1) (Fixed) (Total:299.9 GB) (Free:127.14 GB) NTFS
Drive e: (DISK1 ) (Fixed) (Total:300.2 GB) (Free:238.46 GB) NTFS
Drive f: (DISK1) (Fixed) (Total:331.32 GB) (Free:279.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6C7C887A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=299.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=300.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=331.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  • 0

#7
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello again :)

There are some files on your computer that need to be uploaded for scanning. Please follow the instructions below to scan them.

Step 1: Scan Files
  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\ProgramData\NpKvXvKyf\nSnXqH.exe

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please copy the link from the address bar when it shows you the report and post it in your next reply.
Once you have completed the scan of the first file, please follow the instructions again, only this time scan the file listed below:
 

C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe

Things I need to see in your next post:

Link to each file that was scanned.

  • 0

#8
OldDonH


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

the files have been scanned as requested and the links are below:

 

C:\ProgramData\NpKvXvKyf\nSnXqH.exe :- link is https://www.virustot...sis/1453617321/

 

C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe :- link is https://www.virustot...sis/1453617519/

 

Cheers

 

Don


  • 0

#9
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :) Thank you for the links. Those files are definitely malware and it's time to show them to the door.

Let's get started. :thumbsup:



Step 1: Warnings

Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, the decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Multiple Anti-Virus Warning

Your log indicates you have 2 or more anti-virus programs installed on your machine. They are "Norton" and "Microsoft Security Essentials".
  • Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. They will often conflict with each other, provide false positives, and cause additional problems.
  • If you have paid for Norton, then disable MSE. If not, please remove Norton and use MSE.
Step 2: Program Uninstall

Please uninstall the following program from your machine as it is an adware/malware related program. If the program fails to uninstall, please move on to the next step.

Setup


Step 3: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\HANNANs MAIN\Downloads to your Desktop or the fix will not work. All tools must be downloaded to and run from the desktop.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs
() C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp
() C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp
() C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe
C:\ProgramData\Frarnuxof
(Ratio Applications) C:\ProgramData\NpKvXvKyf\nSnXqH.exe
C:\ProgramData\NpKvXvKyf
() C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mbot_au_014010212] => [X]
HKLM-x32\...\Run: [gmsd_au_005010215] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3000898737-217439702-1717454642-1000\...\MountPoints2: {1cc10c15-01d6-11e4-ad2a-1c6f65ab92e7} - G:\unlock.exe autoplay=true
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => No File
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404377387&from=cor&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {13C0AFA4-A510-45d1-ACD0-E40044494920} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {C7E93CBC-FD52-44DC-8FAF-B363FCCCC32E} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {CB7DDC92-966B-4768-911E-BC095AEDF707} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
Toolbar: HKU\S-1-5-21-3000898737-217439702-1717454642-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1431684967&z=ed7cc0587e2e93790e1ae65gez9c0gaqab3z5tem7t&from=wpm05153&uid=WDCXWD10EFRX-68PJCN0_WD-WCC4J452882628826
FF SearchPlugin: C:\Users\HANNANs MAIN\AppData\Roaming\Mozilla\Firefox\Profiles\q5d82v3n.default\searchplugins\smod.xml [2016-01-20]
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb&vp=ch&prd=set_ch
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzftpbl02,66986687-5772-4fda-8f21-50b77950fbdb
R2 nSnXqH; C:\ProgramData\NpKvXvKyf\nSnXqH.exe [3001824 2016-01-23] (Ratio Applications)
R2 wucotusy; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\hnssF3E4.tmp [416256 2016-01-20] () [File not signed]
R2 zutuzuni; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\jnsxD49F.tmp [307712 2016-01-20] () [File not signed]
R2 posinojyzbt; C:\Program Files (x86)\00000000-1453282982-0000-0000-1C6F65AB92E7\knscB556.tmpfs [X]
S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [X]
2016-01-24 11:55 - 2016-01-24 12:02 - 00000000 ____D C:\Users\HANNANs MAIN\AppData\Local\speed browser
2016-01-23 19:20 - 2016-01-24 12:02 - 00000000 ____D C:\Program Files (x86)\speed browser
2016-01-23 19:20 - 2016-01-23 19:20 - 00000000 ____D C:\Users\INTERNET and EMAIL\AppData\Local\speed browser
2016-01-23 08:54 - 2016-01-24 12:00 - 00003428 _____ C:\Windows\System32\Tasks\Frarnuxof
2016-01-23 08:54 - 2016-01-23 08:54 - 00000000 ____D C:\ProgramData\Frarnuxof
Task: {0E87EB17-72B3-4F1E-811F-A9AAAA824EAE} - System32\Tasks\Inst_Rep => C:\Users\HANNANs MAIN\AppData\Local\Installer\Install_11042\nslBC30.tmp [2016-01-20] () <==== ATTENTION
C:\Users\HANNANs MAIN\AppData\Local\Installer\Install_11042\nslBC30.tmp
Task: {4C77EE6F-EEE6-4379-81D1-9E716C2BBA02} - System32\Tasks\Frarnuxof => C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe [2016-01-23] ()
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecd8-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecd9-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecda-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecdb-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecdc-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecdd-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a45ff-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4600-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4601-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4602-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4603-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2c8a4604-bcf3-11e5-827a-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf01d-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf01e-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf01f-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf020-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf021-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{f7ccf022-bf5b-11e5-a152-1c6f65ab92e7}
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Fixlog.txt Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0
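The Task and AlternateDataStreams entries in the fixlist above can be triaged mechanically. The script below is an added example, not part of the thread and not FRST's own logic: the three heuristics, the reading of an empty `()` as "no publisher recorded", and the `ExampleUpdater` line are assumptions made for illustration; the other sample lines are copied from the fixlist.

```python
import re
from collections import Counter

# Lines copied from the fixlist above (GUID-named streams trimmed to two).
# The "ExampleUpdater" task is constructed as a benign control.
SAMPLE = r"""
Task: {0E87EB17-72B3-4F1E-811F-A9AAAA824EAE} - System32\Tasks\Inst_Rep => C:\Users\HANNANs MAIN\AppData\Local\Installer\Install_11042\nslBC30.tmp [2016-01-20] () <==== ATTENTION
Task: {4C77EE6F-EEE6-4379-81D1-9E716C2BBA02} - System32\Tasks\Frarnuxof => C:\ProgramData\Frarnuxof\1.0.7.1\nooxsovi.exe [2016-01-23] ()
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2016-01-02] (Example Corp)
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecd8-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{2bf7ecd9-bffc-11e5-9883-1c6f65ab92e7}
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9
"""

TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<task>.+?) => (?P<target>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*?)\)(?P<flag>.*)$"
)
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<host>[A-Za-z]:\\[^:]+):(?P<stream>.+)$")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")  # typically user-writable
EXPECTED_EXT = (".exe", ".com", ".bat", ".cmd")

def triage(log_text):
    """Return (suspicious_tasks, ads_count_per_host_file) for FRST-style lines."""
    tasks, ads = [], Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            target = m["target"]
            reasons = []
            if any(p in target.lower() for p in USER_WRITABLE):
                reasons.append("user-writable path")
            if not m["publisher"].strip():
                reasons.append("no publisher")
            if not target.lower().endswith(EXPECTED_EXT):
                reasons.append("unusual extension")
            if reasons:
                tasks.append((m["task"].rsplit("\\", 1)[-1], target, reasons))
            continue
        m = ADS_RE.match(line)
        if m:
            ads[m["host"]] += 1  # many streams on one file stand out
    return tasks, dict(ads)

if __name__ == "__main__":
    found, streams = triage(SAMPLE)
    for name, target, why in found:
        print(f"{name}: {target} -> {', '.join(why)}")
    print(streams)
```
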

#10
OldDonH


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thank you, will do the things you ask later on today. When complete I will upload the various logs.

 

cheers

 

don


  • 0



#11
OldDonH


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I'm confused!!!

When you say:

Step 2: Program Uninstall

Please uninstall the following program from your machine as it is an adware/malware related program. If the program fails to uninstall, please move on to the next step.

Setup

 

How do I find and identify this Setup program and am I supposed to use control panel to uninstall it?


  • 0

#12
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

You can find the program by clicking on the Start button, then Control Panel, then under Programs click Uninstall a program. When you click that, it will bring up a list of installed programs on the machine. Scroll down until you see the Setup program. Highlight it, and then click Uninstall :thumbsup:
  • 0

#13
OldDonH


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

OK - I started up the control panel - there is no Setup program to uninstall - see attached file uninstall-1

 

I did a search on my hard drive looking for "Setup"; the most relevant results are in the attached file uninstall-2

 

 

Thanks

 

 

Attached Thumbnails

  • Unistall-1.png
  • Unistall-2.png

  • 0

#14
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Interesting, it doesn't show in the list of installed programs, but was in the Addition.txt log. Ok, no worries, go ahead and proceed with the rest of the steps. :thumbsup:
  • 0

#15
OldDonH


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

OK will do

 

Don


  • 0





