
infected by Virus win32/virut.EPOB_DEBRIS


  • This topic is locked
12 replies to this topic

#1 mspam

  • Members
  • 6 posts

Posted 07 August 2015 - 07:34 AM

Hi

 

A couple of days ago I installed my friend's USB modem on my PC as I wanted to access the internet. Immediately after installation finished, Microsoft Security Essential reported that I have been infected by this virus, but that no action was needed as I had been cleaned. However, I get the same alert during every start up. I have removed this virus (from Microsoft Essential) but it is not completely gone. Please help me erase this virus before it damages my computer.

 

P.S. Please don't close this topic if I take long to respond. My internet access comes and goes, so it might take a while for me to respond.

 

 

thanx




#2 xXToffeeXx

  • Malware Response Instructor
  • 6,015 posts

Posted 07 August 2015 - 08:37 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi mspam,
 
If virut has taken a hold of your computer then there is very little we can do, but we can see.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 



#3 mspam

  • Topic Starter
  • Members
  • 6 posts

Posted 07 August 2015 - 01:07 PM

Hi

 

Thank you for replying so soon. I'm sweating bullets right now; I really hope we can remove this virus before it does damage to my PC. Here are the logs.

 

thanx

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015

Ran by Mandla.Mkhungo (administrator) on MANDLAMKHUNG-PC (07-08-2015 19:27:48)

Running from F:\

Loaded Profiles: Mandla.Mkhungo (Available Profiles: Mandla.Mkhungo)

Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_07801e50\stacsv.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Windows\System32\lpksetup.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_07801e50\AEstSrv.exe

(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe

() C:\ProgramData\DatacardService\HWDeviceService.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Canon Electronics Inc.) C:\Program Files\Canon Electronics\DRM140\TouchDR.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

(Microsoft Corporation) C:\Windows\System32\lpksetup.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2015-08-07] (IDT, Inc.)

HKLM\...\Run: [DR-M140 CaptureOnTouch] => C:\Program Files\Canon Electronics\DRM140\TouchDR.exe [966656 2012-07-19] (Canon Electronics Inc.)

HKU\S-1-5-18\...\Run: [System Canvas] => RunDll32 "C:\Program Files\Common Files\lsalog.dll",Init

AppInit_DLLs: C:\Program Files\Common Files\System\lsaetsrv.dll => C:\Program Files\Common Files\System\lsaetsrv.dll File not found

Lsa: [Notification Packages] 2842loyz.dll aegyja.dll 2zsn.dll at02.dll 224y7qa7.dll 8.dll aa6sp1.dll a0.dll aw4r.dll 21827989.dll a58h295s.dll as2smb.dll a84w.dll 2e2t26.dll 2z0f.dll scecli

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-1007104677-982394606-2501846651-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/

HKU\S-1-5-21-1007104677-982394606-2501846651-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-08-07] (IObit)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File

Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)

 

FireFox:

========

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin HKU\S-1-5-21-1007104677-982394606-2501846651-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)

FF Plugin HKU\S-1-5-21-1007104677-982394606-2501846651-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-15]

 

Chrome:

=======

CHR Profile: C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]

CHR Extension: (Google Search) - C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]

CHR Extension: (Gmail) - C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]

StartMenuInternet: Google Chrome - C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_07801e50\aestsrv.exe [81920 2015-08-07] (Andrea Electronics Corporation)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)

S3 ALG; C:\windows\System32\alg.exe [59904 2008-01-21] (Microsoft Corporation) [File not signed]

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]

S3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed]

R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] ()

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-07] (IObit)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

S3 msiserver; C:\windows\System32\msiexec.exe [73472 2008-04-18] (Microsoft Corporation) [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)

R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)

S3 RpcLocator; C:\windows\system32\locator.exe [8192 2006-11-02] (Microsoft Corporation) [File not signed]

S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [572928 2008-04-29] (Nokia.) [File not signed]

S3 SNMPTRAP; C:\windows\System32\snmptrap.exe [12800 2006-11-02] (Microsoft Corporation) [File not signed]

R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_07801e50\STacSV.exe [229458 2015-08-07] (IDT, Inc.)

S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [39680 2008-01-21] (Microsoft Corporation) [File not signed]

S3 UI0Detect; C:\windows\system32\UI0Detect.exe [36096 2008-01-21] (Microsoft Corporation) [File not signed]

S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

S3 vds; C:\windows\System32\vds.exe [382976 2008-01-21] (Microsoft Corporation) [File not signed]

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [137984 2008-01-21] (Microsoft Corporation) [File not signed]

S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [896512 2008-01-21] (Microsoft Corporation) [File not signed]

S2 VmbService; No ImagePath

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [101504 2013-11-30] (Huawei Technologies Co., Ltd.)

S3 huawei_cdcecm; C:\windows\System32\DRIVERS\ew_jucdcecm.sys [70784 2013-11-30] (Huawei Technologies Co., Ltd.)

S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-11-30] (Huawei Technologies Co., Ltd.)

R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO32.SYS [23840 2015-08-07] (REALiX™)

S3 hwusb_cdcacm; C:\windows\System32\DRIVERS\ew_cdcacm.sys [108032 2013-12-10] (Huawei Technologies Co., Ltd.)

S3 hwusb_cdcecm; C:\windows\System32\DRIVERS\ew_cdcecm.sys [117504 2013-12-10] (Huawei Technologies Co., Ltd.)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79880 2009-03-03] (McAfee, Inc.)

S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-03-03] (McAfee, Inc.)

R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [213768 2009-03-03] (McAfee, Inc.)

S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34216 2009-03-03] (McAfee, Inc.)

R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55176 2009-03-03] (McAfee, Inc.)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)

R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-03-26] ()

S3 upperdev; C:\windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2007-11-29] (Windows ® Codename Longhorn DDK provider)

S3 UsbserFilt; C:\windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2007-11-29] (Windows ® Codename Longhorn DDK provider)

S3 ZTEusbnet; C:\windows\System32\DRIVERS\ZTEusbnet.sys [110080 2008-12-08] (ZTE Corporation)

S3 ZTEusbvoice; C:\windows\System32\DRIVERS\ZTEusbvoice.sys [104960 2008-12-08] (ZTE Incorporated)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249728 2013-11-30] (Huawei Technologies Co., Ltd.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S1 MpKsl2295fb79; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D44324B-DD47-4C37-A625-EB5FD621D2FA}\MpKsl2295fb79.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-08-07 19:27 - 2015-08-07 19:27 - 00000000 ____D C:\FRST

2015-08-07 17:41 - 2015-08-07 18:26 - 00098520 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-08-07 17:41 - 2015-08-07 17:41 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-08-07 17:41 - 2015-08-07 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-08-07 17:41 - 2015-08-07 17:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-08-07 17:41 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-08-07 17:41 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-08-07 17:41 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-08-07 17:38 - 2015-08-07 17:40 - 00001504 _____ C:\Users\Mandla.Mkhungo\Desktop\Rkill.txt

2015-08-07 15:04 - 2015-08-07 15:06 - 00000000 ____D C:\ProgramData\Canon Electronics

2015-08-07 12:02 - 2015-08-07 12:06 - 00000000 ____D C:\Program Files\Canon Electronics

2015-08-07 10:36 - 2015-08-07 10:36 - 00000000 ____D C:\windows\system32\EventProviders

2015-08-07 10:33 - 2015-08-07 10:33 - 00000104 _____ C:\Users\Mandla.Mkhungo\Desktop\Internet - Shortcut.lnk

2015-08-07 10:14 - 2015-08-07 10:14 - 00423424 _____ (IDT, Inc.) C:\windows\system32\Drivers\stwrt.sys

2015-08-07 10:14 - 2015-08-07 10:14 - 00405504 _____ (IDT, Inc.) C:\windows\system32\stcplx.dll

2015-08-07 10:13 - 2015-08-07 10:13 - 00331288 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStor.sys

2015-08-07 09:49 - 2015-08-07 09:49 - 00023840 _____ (REALiX™) C:\windows\system32\Drivers\HWiNFO32.SYS

2015-08-07 09:49 - 2015-08-07 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2

2015-08-07 09:41 - 2015-08-07 09:47 - 11792408 _____ (IObit ) C:\Users\Mandla.Mkhungo\Downloads\driver_booster_setup.exe

2015-08-07 09:27 - 2015-08-07 09:27 - 00000802 _____ C:\Users\Public\Desktop\MTN Online.lnk

2015-08-07 09:27 - 2015-08-07 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTN Online

2015-08-07 09:26 - 2013-12-10 07:34 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_cdcecm.sys

2015-08-07 09:26 - 2013-12-10 07:34 - 00108032 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_cdcacm.sys

2015-08-07 09:26 - 2013-11-30 11:08 - 00101504 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_jucdcacm.sys

2015-08-07 09:26 - 2013-11-30 11:08 - 00077824 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_jubusenum.sys

2015-08-07 09:26 - 2013-11-30 11:08 - 00070784 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_jucdcecm.sys

2015-08-07 09:26 - 2013-11-30 11:08 - 00027776 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_juextctrl.sys

2015-08-07 09:26 - 2013-11-30 10:56 - 00249728 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ewusbnet.sys

2015-08-07 09:26 - 2013-11-30 10:54 - 00199296 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ewusbmdm.sys

2015-08-07 09:26 - 2013-01-25 03:16 - 00095232 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_hwusbdev.sys

2015-08-07 09:26 - 2012-12-22 03:46 - 00011904 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_usbenumfilter.sys

2015-08-07 09:26 - 2010-10-08 10:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\windows\system32\Drivers\ewdcsc.sys

2015-08-07 09:26 - 2010-09-26 12:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ew_hwupgrade.sys

2015-08-07 09:17 - 2015-08-07 09:17 - 00000000 ____D C:\Users\Mandla.Mkhungo\AppData\Roaming\ProductData

2015-08-07 09:15 - 2015-08-07 09:50 - 00000000 ____D C:\ProgramData\ProductData

2015-08-07 09:15 - 2015-08-07 09:49 - 00000000 ____D C:\ProgramData\IObit

2015-08-07 09:15 - 2015-08-07 09:15 - 00001005 _____ C:\Users\Mandla.Mkhungo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk

2015-08-07 09:15 - 2015-08-07 09:15 - 00000981 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk

2015-08-07 09:14 - 2015-08-07 09:49 - 00000000 ____D C:\Users\Mandla.Mkhungo\AppData\Roaming\IObit

2015-08-07 09:14 - 2015-08-07 09:48 - 00000000 ____D C:\Program Files\IObit

2015-08-07 09:00 - 2015-08-07 09:06 - 15889184 _____ (IObit) C:\Users\Mandla.Mkhungo\Downloads\iobituninstaller.exe

2015-08-06 16:22 - 2015-08-07 09:27 - 00000000 ____D C:\Program Files\MTN Online_1

2015-08-06 13:29 - 2015-08-06 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CapturePerfect 3.1

2015-08-06 13:28 - 2015-08-06 13:28 - 00000000 ____D C:\windows\Pixtran

2015-08-06 13:28 - 2007-01-29 14:34 - 00061440 _____ (Canon Electronics Inc.) C:\windows\system32\SuStiUtl.dll

2015-08-06 13:28 - 2006-05-16 21:40 - 00753936 _____ (EMC Corporation) C:\windows\system32\PIXANNOT.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00463120 _____ (EMC Corporation) C:\windows\system32\PIXJP2K.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00233744 _____ (EMC Corporation) C:\windows\system32\PIXMDLN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00221456 _____ (EMC Corporation) C:\windows\system32\PIXDFLTN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00209168 _____ (EMC Corporation) C:\windows\system32\PIXNOTEN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00180224 _____ (Pegasus Imaging Corp.) C:\windows\system32\PIXN1120.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00176128 _____ (Pegasus Imaging Corp.) C:\windows\system32\PIXN1520.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00155648 _____ (Pegasus Imaging Corp.) C:\windows\system32\PIXN1020.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00119056 _____ (EMC Corporation) C:\windows\system32\PIXJBGN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00114688 _____ (Pegasus Imaging Corp.) C:\windows\system32\PIXN1320.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00102672 _____ (EMC Corporation) C:\windows\system32\PIXTIFFN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00094480 _____ (EMC Corporation) C:\windows\system32\PIXAPS.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00074000 _____ (EMC Corporation) C:\windows\system32\PIXNAMEN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00074000 _____ (EMC Corporation) C:\windows\system32\PIXLOCN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00069904 _____ (EMC Corporation) C:\windows\system32\PIXDLGN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00057616 _____ (EMC Corporation) C:\windows\system32\PIXLZWN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00053520 _____ (EMC Corporation) C:\windows\system32\PIXPERMN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00051712 _____ (Pegasus Imaging Corp.) C:\windows\system32\PIXN20.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00049424 _____ (EMC Corporation) C:\windows\system32\PIXTHK32.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00045328 _____ (EMC Corporation) C:\windows\system32\PIXSLN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00045328 _____ (EMC Corporation) C:\windows\system32\PIXRAMN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00045328 _____ (EMC Corporation) C:\windows\system32\PIXPANN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00045328 _____ (EMC Corporation) C:\windows\system32\PIXMPN.DLL

2015-08-06 13:28 - 2006-05-16 21:40 - 00045328 _____ (EMC Corporation) C:\windows\system32\PIXMDLGN.DLL

2015-08-06 13:28 - 2006-05-16 21:23 - 00006416 _____ (EMC Corporation) C:\windows\system32\PIXTHK16.DLL

2015-08-06 13:28 - 2006-05-16 21:22 - 00231552 _____ (EMC Corporation) C:\windows\system32\PIXDFLT.DLL

2015-08-06 13:28 - 2006-05-16 21:22 - 00023152 _____ (EMC Corporation) C:\windows\system32\PIXPERM.DLL

2015-08-06 13:28 - 2006-05-16 21:22 - 00016048 _____ (EMC Corporation) C:\windows\system32\PIXLOC.DLL

2015-08-06 13:28 - 2006-05-16 21:19 - 00327680 _____ (The University of New South Wales) C:\windows\system32\PIXJP2KI.DLL

2015-08-06 13:28 - 2006-05-16 21:19 - 00051959 _____ C:\windows\system32\PIXNAME.HLP

2015-08-06 13:28 - 2006-05-16 21:19 - 00021008 _____ (Microsoft Corporation) C:\windows\system32\CTL3D.DLL

2015-08-06 13:28 - 2005-02-10 18:17 - 00011968 _____ (Pixel Translations Incorporated) C:\windows\system32\PIXMDLLC.CPL

2015-08-06 13:12 - 2015-08-06 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon DR-M140

2015-08-06 13:12 - 2006-12-01 22:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\msvcp80.dll

2015-08-06 13:12 - 2005-09-23 07:29 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\msvcr80.dll

2015-08-06 13:12 - 2005-09-23 01:16 - 01093632 _____ (Microsoft Corporation) C:\windows\system32\mfc80.dll

2015-08-06 10:45 - 2015-08-06 10:45 - 00004424 _____ C:\malwarebytes scan log.xml

2015-08-06 09:10 - 2015-08-06 12:51 - 00000000 ____D C:\Users\Mandla.Mkhungo\AppData\Local\CrashDumps

2015-08-06 09:04 - 2015-08-07 15:27 - 00000000 ____D C:\ProgramData\RogueKiller

2015-08-06 09:04 - 2015-08-07 15:11 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys

2015-08-06 08:23 - 2015-08-06 08:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-08-06 08:04 - 2015-08-06 08:10 - 00000000 ____D C:\windows\system32\MRT

2015-08-06 07:55 - 2015-08-06 07:55 - 00000000 ____D C:\Program Files\Common Files\DESIGNER

2015-08-05 11:37 - 2015-08-05 11:37 - 00000000 ____D C:\Program Files\Google

2015-08-05 11:28 - 2015-08-05 11:28 - 00008224 _____ C:\windows\system32\GDIPFONTCACHEV1.DAT

2015-08-05 08:18 - 2015-08-05 08:18 - 00000000 ____D C:\ProgramData\MTN Online_1

2015-08-05 08:17 - 2012-08-20 02:37 - 01112288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfCoInstaller01007.dll

2015-08-05 08:05 - 2015-08-07 09:28 - 00000000 ____D C:\ProgramData\DatacardService

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-08-07 19:27 - 2012-11-28 19:20 - 00029114 _____ C:\windows\setupact.log

2015-08-07 19:24 - 2006-11-02 14:58 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-08-07 19:24 - 2006-11-02 14:45 - 00005248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-08-07 19:24 - 2006-11-02 14:45 - 00005248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-08-07 18:18 - 2006-11-02 14:58 - 00032572 _____ C:\windows\Tasks\SCHEDLGU.TXT

2015-08-07 18:15 - 2009-09-05 18:59 - 01443827 _____ C:\windows\WindowsUpdate.log

2015-08-07 18:03 - 2012-04-24 10:01 - 00000944 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007104677-982394606-2501846651-1004UA.job

2015-08-07 18:02 - 2008-01-21 05:02 - 00037216 _____ C:\windows\PFRO.log

2015-08-07 16:04 - 2008-04-16 20:45 - 00763574 _____ C:\windows\system32\PerfStringBackup.INI

2015-08-07 13:03 - 2012-04-24 10:01 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007104677-982394606-2501846651-1004Core.job

2015-08-07 10:16 - 2009-09-05 10:11 - 00000000 ____D C:\Users\Mandla.Mkhungo

2015-08-07 10:14 - 2009-09-05 10:18 - 12628060 _____ (IDT, Inc.) C:\windows\system32\idtcpl.cpl

2015-08-07 10:14 - 2009-09-05 10:18 - 03354624 _____ (IDT, Inc.) C:\windows\system32\stlang.dll

2015-08-07 10:14 - 2009-09-05 10:18 - 00495708 _____ (IDT, Inc.) C:\windows\sttray.exe

2015-08-07 10:14 - 2009-09-05 10:18 - 00380928 _____ (Andrea Electronics Corporation) C:\windows\system32\aestecap.dll

2015-08-07 10:14 - 2009-09-05 10:18 - 00140288 _____ (Andrea Electronics Corporation) C:\windows\system32\aestacap.dll

2015-08-07 10:14 - 2009-09-05 10:18 - 00086016 _____ (Andrea Electronics Corporation) C:\windows\system32\AESTCom.dll

2015-08-07 10:14 - 2009-09-05 10:18 - 00061440 _____ (Andrea Electronics Corporation) C:\windows\system32\aestaren.dll

2015-08-07 10:14 - 2009-09-05 10:17 - 00175616 _____ (IDT, Inc.) C:\windows\system32\staco.dll

2015-08-07 10:14 - 2009-09-05 10:16 - 00940544 _____ (IDT, Inc.) C:\windows\system32\stapo.dll

2015-08-07 10:14 - 2009-09-05 10:16 - 00527360 _____ (IDT, Inc.) C:\windows\system32\stapi32.dll

2015-08-07 08:45 - 2009-05-20 09:20 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-08-07 08:13 - 2009-05-20 09:20 - 00000000 ____D C:\Program Files\Microsoft Office

2015-08-06 13:41 - 2015-01-31 05:58 - 00000000 ____D C:\Users\Mandla.Mkhungo\Desktop\DISSERTATION

2015-08-06 13:32 - 2009-05-20 09:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2015-08-06 13:05 - 2015-05-23 14:34 - 00000000 ____D C:\Users\Mandla.Mkhungo\AppData\Local\Downloaded Installations

2015-08-06 08:57 - 2006-11-02 13:18 - 00000000 ____D C:\windows\Speech

2015-08-06 08:13 - 2012-09-22 12:53 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-08-06 08:13 - 2012-04-24 11:53 - 00001945 _____ C:\windows\epplauncher.mif

2015-08-06 08:12 - 2012-04-24 11:52 - 00000000 ____D C:\Program Files\Microsoft Security Client

2015-08-06 07:45 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\System

2015-08-06 07:45 - 2006-11-02 12:23 - 00000219 _____ C:\windows\win.ini

2015-08-05 14:20 - 2012-04-24 10:15 - 00000000 ____D C:\Users\Mandla.Mkhungo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-08-05 13:53 - 2009-09-05 10:11 - 00000000 ____D C:\Users\Mandla.Mkhungo\AppData\Local\VirtualStore

2015-08-05 12:03 - 2011-05-20 22:57 - 00000000 ____D C:\Users\Mandla.Mkhungo\Desktop\New Folder (5)

2015-08-05 11:32 - 2009-09-05 10:31 - 00133664 _____ C:\Users\Mandla.Mkhungo\AppData\Local\GDIPFONTCACHEV1.DAT

2015-08-05 11:24 - 2006-11-02 14:44 - 00452896 _____ C:\windows\system32\FNTCACHE.DAT

2015-07-24 08:05 - 2015-02-24 18:14 - 00000000 ____D C:\Users\Mandla.Mkhungo\Documents\UGU FILES

 

==================== Files in the root of some directories =======

 

2009-11-23 18:33 - 2009-10-27 14:58 - 0054093 _____ () C:\Program Files\EULA.eng

2010-02-27 10:21 - 2011-06-04 09:51 - 0000008 _____ () C:\Users\Mandla.Mkhungo\AppData\Roaming\NMM-MetaData.db

2009-09-05 10:32 - 2009-09-05 10:32 - 0000000 _____ () C:\Users\Mandla.Mkhungo\AppData\Local\AtStart.txt

2010-01-30 11:05 - 2010-03-21 21:02 - 0005120 _____ () C:\Users\Mandla.Mkhungo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2009-09-05 10:32 - 2009-09-05 10:32 - 0000000 _____ () C:\Users\Mandla.Mkhungo\AppData\Local\DSwitch.txt

2009-09-05 10:32 - 2009-09-05 10:32 - 0000000 _____ () C:\Users\Mandla.Mkhungo\AppData\Local\QSwitch.txt

2009-09-06 10:33 - 2009-09-06 10:33 - 0000008 __RSH () C:\ProgramData\86163BB42B.sys

2011-04-18 15:39 - 2011-04-18 15:39 - 0226364 ____R () C:\ProgramData\DeviceManager.xml.rc4

2009-05-20 09:40 - 2015-08-05 13:08 - 0000283 _____ () C:\ProgramData\HPWALog.txt

2009-09-06 10:33 - 2011-06-04 09:37 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

 

Some files in TEMP:

====================

C:\Users\Mandla.Mkhungo\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Mandla.Mkhungo\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\windows\explorer.exe => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-08-07 19:31

 

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-08-2015

Ran by Mandla.Mkhungo (2015-08-07 19:30:01)

Running from F:\

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1007104677-982394606-2501846651-500 - Administrator - Disabled)

Guest (S-1-5-21-1007104677-982394606-2501846651-501 - Limited - Disabled)

Mandla.Mkhungo (S-1-5-21-1007104677-982394606-2501846651-1004 - Administrator - Enabled) => C:\Users\Mandla.Mkhungo

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)

Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden

Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)

CaptureOnTouch Microsoft SharePoint Plugin (HKLM\...\{3E5F2C55-BEE6-4B0D-92BD-616421A54FC2}) (Version: 1.02.41178 - Canon Electronics Inc.)

CapturePerfect 3.1 (HKLM\...\{50600275-223D-455E-959E-DCA40A037B7B}) (Version: 3.1.2712.1002 - Canon Electronics Inc.)

CPQ Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.1 - Hewlett-Packard)

DolbyFiles (Version: 0.1 - Nero AG) Hidden

Driver Booster 2.4 (HKLM\...\Driver Booster_is1) (Version: 2.4 - IObit)

DR-M140 CaptureOnTouch (HKLM\...\{33A0B282-63BC-4F73-8C74-C2FD46C96D69}) (Version: 2.4.212.727 - Canon Electronics Inc.)

DR-M140 UserManual (HKLM\...\{A0F9E198-164A-4868-9DA3-D4F002E26BB1}) (Version: 1.05.0000 - Canon Electronics Inc.)

ESU for Microsoft Vista SP1 (HKLM\...\{AA8EC7A4-EA02-4A72-B14F-65DA485F74C8}) (Version: 2.00.1.3 - Hewlett-Packard)

Google Chrome (HKU\S-1-5-21-1007104677-982394606-2501846651-1004\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)

HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)

HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)

HP Quick Launch Buttons 6.50 A1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50 A1 - Hewlett-Packard)

HP Software Setup (HKLM\...\{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}) (Version: 1.0.0.14 - Hewlett-Packard)

HP Update (HKLM\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)

HP User Guides 0140 (HKLM\...\{7A93E19E-220A-4323-9348-BEE8D36FDD44}) (Version: 1.00.0000 - Hewlett-Packard)

HP Webcam (HKLM\...\InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}) (Version: 1.0.2710 - CyberLink Corp.)

HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50004.1 - Sonix)

HP Wireless Assistant (HKLM\...\{DC28A406-462D-4A08-A125-3EAF8A64DE4E}) (Version: 3.50.4.1 - Hewlett-Packard)

HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden

HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden

IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6162.12 - IDT)

ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.156 - InterVideo Inc.)

InterVideo WinDVD 8 (Version: 8.5-B0.156 - InterVideo Inc.) Hidden

IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.122 - IObit)

LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version:  - )

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MTN Online (HKLM\...\MTN F@stLink) (Version: 23.015.02.02.697 - Huawei Technologies Co.,Ltd)

Nero 9 Essentials (HKLM\...\{224736bb-d1c6-4a9a-9f4c-c873f2b06823}) (Version:  - Nero AG)

Nokia Connectivity Cable Driver (HKLM\...\{4F1DCA42-2030-437C-A94E-736692A499C1}) (Version: 6.86.11.0 - Nokia)

Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 6.86.9.4 - Nokia)

Nokia PC Suite (Version: 6.86.9.4 - Nokia) Hidden

PC Connectivity Solution (HKLM\...\{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}) (Version: 8.15.1.0 - Nokia)

PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.57 - PDF Complete, Inc.)

Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)

Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Vista Default Settings (HKLM\...\{E05EB9D2-8559-4821-98AC-3D5DA3242D5B}) (Version: 2.0.1.1 - Hewlett-Packard)

Windows Driver Package - Nokia Modem  (03/05/2008 3.7) (HKLM\...\CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A) (Version: 03/05/2008 3.7 - Nokia)

Windows Driver Package - Nokia Modem  (03/13/2008 6.86.0.1) (HKLM\...\E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D) (Version: 03/13/2008 6.86.0.1 - Nokia)

Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)

Windows Live Messenger (HKLM\...\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}) (Version: 8.1.0178.00 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{01AF261B-D0CB-11D4-BD20-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{0A871364-AE20-40BB-A890-4C859164976C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CFG.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{12974D97-593F-11D3-BD9B-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CBI.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{139EA77F-E8B5-432F-BB92-1216962E724A}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\LDRC.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{15E4BB17-7238-44EB-B9B1-14A33D5A0050}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\pmaui.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{1AF21374-DE03-429B-9497-36C6D4936703}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{20CAE592-30B5-11D4-BD69-0090278D538F}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SCN.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{22A6A595-2F93-41D0-9023-420AB622B60B}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{22AC09F4-A619-4753-A9B0-61EF67E948DE}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\pmaui.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{272FEA32-7B34-11D3-BDC2-00A0C9D4BB53}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SCN.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{28C83C91-DFAF-11D2-A2B2-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2BB29E47-BEBB-11D4-BD1C-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\FP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2BB29E7F-BEBB-11D4-BD1C-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2D993C0F-8B34-11D5-9BF0-00C04F6047D8}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\VIEWER.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2DFAB4FD-5F75-11D3-827F-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SCN.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2EFA68E7-0D79-11D6-AB20-00D0B7A9A45B}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{30822FB3-C74C-34D3-BD45-0090278D44AE}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DDP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{30AEA7AC-554F-11D3-BD93-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CBI.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{30AEA7AE-554F-11D3-BD93-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CBI.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{322F9009-5569-11D3-BD94-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CBI.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{3312A0EA-E0C5-11D4-A229-00D0B7A93974}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{34653F1C-8B4B-11D5-9BF0-00C04F6047D8}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\PNL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{381FCE87-812B-430A-845E-E410AC00B49D}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CFG.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{38761795-2797-49A9-8F15-BD6E43BCEC95}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{396F7AC9-A0DD-11D3-93EC-00C0DFE7442A}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\vbalIml6.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{396F7AD1-A0DD-11D3-93EC-00C0DFE7442A}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\vbalIml6.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{396F7AD5-A0DD-11D3-93EC-00C0DFE7442A}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\vbalIml6.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{3C06F51D-11CA-11D3-BD54-00A0C9D4BB53}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{3C255E15-561C-11D3-BD95-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{3C255E16-561C-11D3-BD95-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{3D74AC17-A698-11D5-BDBC-00A0C9ECF91E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\FP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{400D090C-0A10-11D4-BD37-00A0C9ECF91E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{400D090F-0A10-11D4-BD37-00A0C9ECF91E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{400D0916-0A10-11D4-BD37-00A0C9ECF91E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4258C248-7E59-40DC-B17A-CEF5A62624EC}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SECMCOM.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{483D395F-2399-4365-A35F-A28F4BD7C290}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4932CEF4-2CAA-11D2-A165-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4B5E60CA-865F-11DA-8BDE-F66BAD1E3F3A}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4BE87C84-8916-4BE1-A826-E44C6412A81D}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4E211FC0-5871-11D3-827D-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SCN.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{4FA6E110-359F-11D3-B5EE-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{520E355A-C617-4D3B-AE38-9EC4C8FF99B3}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UI_MultiMon.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5615DA23-204C-45A7-8C1B-142C59DFA226}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{584FACBB-A46B-42CF-A2FB-2C788E8F28EA}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{58A58040-56AB-43E6-9F20-B453B8349804}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\pmaui.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5BAADB36-D13B-4708-B8E6-7FACF1BF6783}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\sg20u.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5BBDBC63-CFF1-4D6B-802E-C16A79058062}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DSEL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5C1ED606-C736-11D3-BD2F-00C04F6047D8}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5C51D27D-1501-11D4-BD9F-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\Application\44.0.2403.130\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5C7207D0-645A-11D3-8281-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DSEL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5F50A962-5576-11D3-BD94-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CBI.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5F50A963-5576-11D3-BD94-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CBI.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5FE13094-DC68-11D2-BD29-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{5FE13101-DC68-11D2-BD29-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{62A588ED-FBE9-11D3-BD78-0090278D2C56}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{62A588F7-FBE9-11D3-BD78-0090278D2C56}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6396223E-7A2A-11D3-8285-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DSEL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{63962241-7A2A-11D3-8285-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DSEL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{63962244-7A2A-11D3-8285-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DSEL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{652B7DC1-E1CD-43BA-81DE-81B5D56E76B7}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\pmaui.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{68DC006A-5167-41D6-A157-C6A7F63E10FE}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CFG.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6923D51B-8434-49F6-AA91-7CAF085EF8E1}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6BFB4929-1EB8-4500-BDC8-F36DF79D5257}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SECMCOM.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6C71BA99-806B-11D3-BD1E-00A0C9ECF8CA}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\IGA.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{70879892-E862-11D3-BD7C-00A0C9ED6D19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\WL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{7168A3B8-AFCD-4A0A-B11E-818BB0863E2F}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{75298357-720E-47CC-9206-271AE0981722}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{7644204c-5eb0-4e21-b225-fc6c1fca74f7}\localserver32 -> C:\Program Files\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe (Nokia)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{78D0CE48-7C0A-11D3-BD2A-0090278D002D}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CFG.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{79A0CC4D-DC4A-11D2-BD28-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{7B213C1E-735F-4A07-B38F-81A11BCB87FF}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{85BCB4D1-9DF9-44BF-94C0-CF27F1B91658}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8629E83E-AB47-11D5-BDBD-00A0C9ECF91E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\FP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{89541530-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{89541531-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{89541532-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{89541533-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{89541534-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{89541537-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8954153A-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8954153B-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8954153E-2D31-11D2-A166-0060081C43D9}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\Actbar2.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8984F8A6-3F52-11D3-BD7E-00A0C9D4BB53}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\ACMD.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8C3B48FB-4EA5-48CF-AF9C-E5E243A42B19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SECMCOM.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8CEE3C47-BBC0-11D4-BD1C-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\FP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8CFC9D1E-A5E4-4DB0-9CA6-15C2E63153AD}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8E0F551E-62D6-4216-961F-9AABF8CC4FAF}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DDP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{913E866D-7C0A-11D3-BD2A-0090278D002D}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CFG.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{94A038FA-16E3-47B2-894A-7718E0A5755A}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SECMCOM.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{95BCFAC1-6064-11D3-827F-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UI.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9620B992-43F2-11D3-BD1C-00A0C9ED6D19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\ssubtmr.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9620B994-43F2-11D3-BD1C-00A0C9ED6D19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\ssubtmr.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{969CAFAD-226B-407B-B3BC-62D85B18E846}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DDP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9A5ED012-B192-11d3-9382-0000B4BDB148}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\THBRes25.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9A5ED015-B192-11d3-9382-0000B4BDB148}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\THBRes25.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9A5ED016-B192-11d3-9382-0000B4BDB148}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\THBRes25.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9A5ED017-B192-11d3-9382-0000B4BDB148}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\THBRes25.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9A5ED018-B192-11d3-9382-0000B4BDB148}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\THBRes25.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9B44062E-ECE5-11D3-BD7F-00A0C9ED6D19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\WL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{9F83FCB7-7B22-4FBB-B3BE-F37A164BD43B}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MPRIS.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{A339A5FE-F504-4330-9897-DADEDA21AAAB}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MPRIS.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{A5075AA2-6894-11D5-BD41-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{A9DFBADF-D71D-43EC-95DA-B2FC5D274F57}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{AC85F21A-A388-4F79-11BF-69D815FE27CC}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{AEE346ED-E470-11D4-A22B-00D0B7A93974}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{B3230A3C-BD1A-11D3-BD2C-00C04F6047D8}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\CFG.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{B33477F7-D827-4194-8917-89356C7FD580}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\windows\system32\COMCTL32.OCX (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{B7F32A0E-869D-43AA-ABA4-5405B6F45888}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{BE5222B3-C74A-11D3-BD45-0090278D538F}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DDP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{BE522345-C74A-11D3-BD45-0090278D538F}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{BE522430-C74A-11D3-BD45-0090278D538F}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DDP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C0DCDCDA-3FA3-4832-8F6C-9EADAA2113BB}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\AWIN.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C2674716-0ED6-4951-9C0C-E0105B1B034B}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C42EBEFA-37DA-11D5-BD36-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\QM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C42EBFFA-37DA-11D5-BD36-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\QM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C6A6B6CD-1850-11D5-BD96-00A0C9ECF91E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\PD.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\windows\system32\ACTXPRXY.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{CB98387D-1F37-11D4-BD1C-00A0C9ED6D19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\dropdown.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{CE5AA328-0B3F-4846-9348-64B97782AADB}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D14FB548-698A-4ACF-AD06-270A613B0790}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UI.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D21DECB0-02E4-11D4-BD81-0090278D2C56}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D4E025BB-0595-11D4-BD83-0090278D2C56}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\windows\system32\MSVBVM60.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D622B59A-BBD5-4081-A80D-073D06B76A04}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MPRIS.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D648C576-A69C-11D5-9BF6-00C04F6047D8}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\algmpr.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D71240A6-2A2D-4769-8D70-EF8A6788FD0B}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\LM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{D733852A-9C37-4969-A940-621BE616F131}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\pmaui.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DA77449C-95F2-11D3-BD1E-00C04F6047D8}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\LDRC.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DBDD261B-D027-11C4-BD24-11A0C9FBA123}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DC1A78C0-D1D1-44F6-A5A7-876A7C31378C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\SECMCOM.dll No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DD15AA4D-DF9E-48D8-B393-F78500B6166F}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DDP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DD384BBB-119F-4F28-AC4D-1998049D5984}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DDA3EF8E-9187-439D-90D0-09FDB116BEB4}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\EXPT.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DDC5F38A-8388-4E78-80BF-57D855FE27CC}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{E085839A-0BA8-11D4-BDA3-00A0C9ED6D19}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\dropdown.ocx No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{E226A993-E837-11D3-BD77-00A0C982CE3E}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\FP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{E6E29E0E-0A05-11D4-BD93-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UTL2.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{EF7A9B41-4C24-4011-B432-A04B98A9B870}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\UP.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{EFF4A4FA-0865-11D4-BD92-00A0C9FB3988}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\FILM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\MSCOMCTL.OCX No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{F128A719-4822-11D3-BD80-00A0C9D4BB53}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\ACMD.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{F12D88BE-49AA-11D3-BD70-00A0C9D4BD79}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\GM.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{F5018CC5-4A5B-11D3-BD72-00A0C9D4BD79}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\PGI.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}\InprocServer32 -> C:\windows\system32\FM20.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{FA0C0B36-7B2A-11D3-8289-00A0C982CB4C}\InprocServer32 -> C:\Users\MANDLA~1.MKH\AppData\Local\Temp\MP\DSEL.DLL No File

CustomCLSID: HKU\S-1-5-21-1007104677-982394606-2501846651-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

 

==================== Restore Points =========================

 

07-06-2015 08:49:34 Scheduled Checkpoint

16-06-2015 11:21:20 Scheduled Checkpoint

30-06-2015 12:00:30 Scheduled Checkpoint

01-07-2015 08:30:13 Scheduled Checkpoint

04-07-2015 08:09:49 Scheduled Checkpoint

05-07-2015 09:24:18 Scheduled Checkpoint

11-07-2015 15:39:49 Scheduled Checkpoint

12-07-2015 09:00:06 Scheduled Checkpoint

25-07-2015 07:14:51 Scheduled Checkpoint

26-07-2015 08:34:49 Scheduled Checkpoint

27-07-2015 06:12:57 Scheduled Checkpoint

01-08-2015 12:31:48 Scheduled Checkpoint

05-08-2015 12:29:49 Windows Update

06-08-2015 07:26:53 Windows Update

06-08-2015 10:00:39 ##IDS_ERROR_1717##

06-08-2015 13:13:17 Installed CaptureOnTouch Microsoft SharePoint Plugin.

06-08-2015 13:30:13 Installed CaptureOnTouch Microsoft SharePoint Plugin.

06-08-2015 14:42:35 ##IDS_ERROR_1717##

06-08-2015 16:25:02 ##IDS_ERROR_1717##

06-08-2015 16:26:22 ##IDS_ERROR_1717##

07-08-2015 08:09:26 Windows Update

07-08-2015 08:39:49 Windows Update

07-08-2015 09:10:01 Windows Update

07-08-2015 09:57:36 Device Driver Package Install: Intel System devices

07-08-2015 09:59:14 Device Driver Package Install: Intel Universal Serial Bus controllers

07-08-2015 10:08:09 Device Driver Package Install: Intel IDE ATA/ATAPI controllers

07-08-2015 10:09:15 Device Driver Package Install: Intel System devices

07-08-2015 10:10:50 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Universal Serial Bus controllers

07-08-2015 10:12:03 Device Driver Package Install: Sonix Imaging devices

07-08-2015 10:13:16 Device Driver Package Install: Intel IDE ATA/ATAPI controllers

07-08-2015 10:15:38 Device Driver Package Install: IDT Sound, video and game controllers

07-08-2015 10:35:14 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 12:23 - 2015-08-07 15:26 - 00000747 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0775203D-9B3B-4728-9257-344F0D52B7D1} - System32\Tasks\{75D9F345-44C1-413E-ADDA-B34564600F5E} => pcalua.exe -a "F:\B5C Project Pres. House Music Unites.exe" -d F:\

Task: {4FB34331-1F49-4ACC-BDC1-1E2A829B44D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1007104677-982394606-2501846651-1004UA => C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)

Task: {6823639F-1348-49B3-A4D2-601D6E30BC36} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)

Task: {7A20FF80-20FE-4AB7-8BE8-C0602FA73154} - System32\Tasks\Driver Booster SkipUAC (Mandla.Mkhungo) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)

Task: {7CFDC47F-E035-4221-A67C-F309E5509134} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)

Task: {92D523E7-85FD-4513-AE56-EAD005C02E9A} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)

Task: {C7EFE230-F23E-46E8-8FE9-BF464A6DE3F1} - System32\Tasks\Uninstaller_SkipUac_Mandla.Mkhungo => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-07] (IObit)

Task: {D41C7219-850C-45C8-B66C-CFEAA45CB5BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1007104677-982394606-2501846651-1004Core => C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007104677-982394606-2501846651-1004Core.job => C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\GoogleUpdate.exe

/cMandla.Mkh

 

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007104677-982394606-2501846651-1004UA.job => C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\GoogleUpdate.exe/ua /installsource schedulerMandla.Mkh

Task: C:\windows\Tasks\User_Feed_Synchronization-{818BC5C4-2F94-44AC-9F26-276081459E56}.job => C:\windows\system32\msfeedssync.exesync C:\Program Files\Windows SidebarMandla.Mkh

 

==================== Loaded Modules (Whitelisted) ==============

 

2013-10-28 04:02 - 2013-10-28 04:02 - 00276048 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1007104677-982394606-2501846651-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\First.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: DR-M140 CaptureOnTouch => "C:\Program Files\Canon Electronics\DRM140\TouchDR.exe" LOGON

MSCONFIG\startupreg: Google Update => "C:\Users\Mandla.Mkhungo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe

MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSCONFIG\startupreg: HP Software Update => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: HPCam_Menu => "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"

MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe

MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

MSCONFIG\startupreg: MobileBroadband => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent

MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

MSCONFIG\startupreg: Nokia.PCSync => "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

MSCONFIG\startupreg: PDF Complete => C:\Program Files\PDF Complete\pdfsty.exe

MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe

MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe

MSCONFIG\startupreg: WatchDog => C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

MSCONFIG\startupreg: WirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [{4723B6A2-0BCD-493B-BE4E-24620B65B5FF}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe

FirewallRules: [{B81F6DAC-7E42-4132-88B7-20938CC653D6}] => (Allow) svchost.exe

FirewallRules: [{E0AA6D4A-76BB-4973-9D29-D693D8242AF6}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe

FirewallRules: [TCP Query User{43FAC842-E062-459F-9BA5-BA23C25C794A}C:\users\mandla.mkhungo\appdata\local\temp\vrtbf01.tmp] => (Block) C:\users\mandla.mkhungo\appdata\local\temp\vrtbf01.tmp

FirewallRules: [UDP Query User{C608415E-984F-4542-87E9-7CB6BDCCDE12}C:\users\mandla.mkhungo\appdata\local\temp\vrtbf01.tmp] => (Block) C:\users\mandla.mkhungo\appdata\local\temp\vrtbf01.tmp

FirewallRules: [{B53DC504-A414-4328-9CA5-814258823DEF}] => (Allow) LPort=80

FirewallRules: [{7DD5D474-D72B-4CAB-93D0-4D3C0F63F4C3}] => (Allow) LPort=80

FirewallRules: [{92C290CD-F60E-4BEA-BA2F-A2AEEAA3AB7D}] => (Allow) LPort=80

FirewallRules: [TCP Query User{49112020-2A80-4D6F-881D-27F6A6794BFF}C:\users\mandla.mkhungo\appdata\local\temp\vrt8342.tmp] => (Block) C:\users\mandla.mkhungo\appdata\local\temp\vrt8342.tmp

FirewallRules: [UDP Query User{4B0C2937-8022-483F-A896-317D04FD5114}C:\users\mandla.mkhungo\appdata\local\temp\vrt8342.tmp] => (Block) C:\users\mandla.mkhungo\appdata\local\temp\vrt8342.tmp

FirewallRules: [{6071C1E6-C996-449E-959F-193DB5371F77}] => (Allow) C:\Windows\System32\acppage.exe

FirewallRules: [{37EE8653-4522-4607-8BD4-AFC07CCFA26B}] => (Allow) C:\Windows\System32\acppage.exe

FirewallRules: [{91AAB14A-9F95-4C1B-B956-67FD5111432A}] => (Allow) C:\Users\Mandla.Mkhungo\AppData\Local\Google\Chrome\Application\chrome.exe

StandardProfile\AuthorizedApplications: [C:\windows\system32\winlogon.exe] => enabled:@shell32.dll,-1

StandardProfile\AuthorizedApplications: [C:\windows\system32\wininit.exe] => enabled:@shell32.dll,-1

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/07/2015 07:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2015 06:21:06 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2015 06:20:12 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (08/07/2015 06:18:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2015 06:04:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2015 05:37:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2015 05:37:27 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (08/07/2015 05:37:06 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (08/07/2015 03:10:49 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (08/07/2015 03:04:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (08/07/2015 07:27:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: 0x80070032

 

Error: (08/07/2015 07:27:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Windows Modules Installer1

 

Error: (08/07/2015 07:26:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Parallel port driver%%1058

 

Error: (08/07/2015 07:24:44 PM) (Source: HTTP) (EventID: 15016) (User: )

Description: \Device\Http\ReqQueueKerberos

 

Error: (08/07/2015 06:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (08/07/2015 06:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (08/07/2015 06:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (08/07/2015 06:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (08/07/2015 06:21:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: AFD

DfsC

HWiNFO32

mfehidk

mfetdik

MpFilter

NetBIOS

netbt

nsiproxy

PSched

RasAcd

rdbss

Smb

spldr

Tcpip

tdx

Wanarpv6

 

Error: (08/07/2015 06:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

 

Microsoft Office:

=========================

Error: (03/20/2012 05:44:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 620 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity:

===================================

  Date: 2015-08-07 19:29:27.581

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:27.374

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:27.144

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:26.973

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:26.317

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:26.136

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:25.937

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:29:25.713

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:28:46.965

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-08-07 19:28:46.776

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: Intel® Celeron® CPU 560 @ 2.13GHz

Percentage of memory in use: 87%

Total physical RAM: 1014.52 MB

Available physical RAM: 123.13 MB

Total Virtual: 2291.38 MB

Available Virtual: 1268.98 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:139.05 GB) (Free:66.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:2.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: () (Removable) (Total:1.83 GB) (Free:0.07 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 80D2F3EE)

Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End of log ============================



#4 xXToffeeXx


Posted 07 August 2015 - 02:33 PM

Hi mspam,
 
Virus:Win32/Virut is a file infector which targets and infects .exe, .scr and .html files. The virus infects executable files with .exe and .scr extensions by hooking the system and as such whenever a file is accessed it may be infected. Executable files that have been infected by W32.Virut may be damaged and therefore may not execute correctly. The virus has worm-like behavior and spreads by copying itself to fixed, removable and network drives. It also opens a backdoor on the compromised computer. 

I will help you back up and reformat if you wish to do so. I can also attempt to clean the computer, but I would not do so without a backup of all files you would not want to lose. The fact is that the system could become unbootable or could be reinfected very easily by cleaning depending on how badly the system is infected. There are no guarantees with cleaning the computer, but I am willing to take the challenge. Let me know what you choose to do.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 mspam


Posted 08 August 2015 - 07:58 AM

Hi

 

okay, i have thought through both options and even googled a bit about what happens when a p.c. is reformatted. my issue with this is that i don't have the disks that came with the computer, so reformatting would mean i lose everything. I don't want to lose any of the software installed. i was thinking it would be better to attempt to clean the p.c. if we were to do that, would we be using Combofix? another thing is the virus has been on my P.C for only 3 days, so I would like to think that it has not caused a lot of damage, especially since MSE cleans its processes. But i am not a tech-person so I wouldn't know for sure. I know i am rambling, but my biggest fear is losing programs i won't be able to reinstall. :unsure:  could you please explain to me a bit more either process ( reformatting and cleaning) would require and also list what I would need to have for each process, then I will make a final decision.

 

p.s. to back up files, do I need an external hard drive?



#6 xXToffeeXx


Posted 08 August 2015 - 01:16 PM

Hi mspam,
 

> my issue with this is that i don't have the disks that came with the computer

From your logs, you have a HP recovery partition, so you can restore the computer to factory condition (like how it was when you bought it) using that.

> I don't want to lose any of the software installed. my biggest fear is losing programs i won't be able to reinstall.

You would have to reinstall all your software, but this would perhaps take a few hours. Quicker than cleaning and possibly even less hassle. Generally you can find all the installers for programs you need online. What programs do you not want to lose?

> if we were to do that, would we be using Combofix?

We may do, as it does have a nice ability to replace patched system files.

> another thing is the virus has been on my P.C for only 3 days, so I would like to think that it has not caused a lot of damage, especially since MSE cleans its processes.

The problem with Virut is that it is quite aggressive and not all antiviruses clean system files due to the possibility of making a computer unbootable.

> to back up files, do I need an external hard drive?

Yes, or CDs or a USB will do. Really anything big enough to hold all your files, or if you have another computer you can use then just transfer them over there until the computer is reinstalled.

> could you please explain to me a bit more either process ( reformatting and cleaning) would require and also list what I would need to have for each process

Sure :) Essentially in reformatting you should make a note of all the programs you need and where you can find them, as well as all of the files you want to save. Then you would need an external hard drive, USB or CD where you can transfer the files to. After that, you can boot into the HP recovery partition and follow the directions on screen to reset the computer back to factory defaults. Once that has finished you can reinstall all your programs and put your files back onto the computer.

Cleaning is a bit more difficult to give an exact "this will happen" due to the unpredictable nature of Virut. First I will assess how many files have been infected by the virus and then depending on whether they are system files or not determines my course of action. If just programs have been hit then I will delete those files and tell you to reinstall the program they have come from. If system files are infected then my job is harder as you cannot delete these files; if only a couple are infected then I will try to find replacements for them, but if a lot are infected then a boot disk which has the ability to clean the files would be my choice. The hope is that the system is indeed not badly infected as this makes my job much easier.
 
xXToffeeXx~




#7 mspam


Posted 12 August 2015 - 03:55 AM

hi

 

sorry I waited so long to reply. I think I will attempt to clean the infection. I used combofix on my other computer and it seems to have done the trick. I hope it works on this computer too.



#8 xXToffeeXx


Posted 12 August 2015 - 04:28 AM

Hi mspam,
 
Running Combofix:

Download Combofix from this link and save it to your desktop

  • Close any open browsers or any other programs that are open.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • You can also find the log here: C:\ComboFix.txt

Please also note:

  • Do not click combofix's window while it's running. That may cause combofix to stall.
  • Combofix may reboot your computer a number of times, this is normal.
  • If you receive an error, "Illegal operation attempted on a registry key that has been marked for deletion,"  then please restart the computer to resolve this.

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • ComboFix.txt

xXToffeeXx~




#9 mspam


Posted 14 August 2015 - 12:50 AM

hi

 

I ran combofix and the following happened: Combofix completed all 50 stages and asked to restart my computer and I allowed it. However, when I logged back on, Combofix remained stuck on "please wait". I then rebooted the computer and launched combofix again, but instead of launching it kept on flickering and moving up and down the computer screen. I didn't attempt to run Combofix again because I did not know what would happen...... should I run it in safe mode instead?



#10 xXToffeeXx


Posted 14 August 2015 - 05:00 AM

Hi mspam,

 

Is there a log located at C:\ComboFix.txt?

 

xXToffeeXx~




#11 mspam


Posted 15 August 2015 - 04:05 AM

hi

again, sorry for the long wait..... no. there was no log created by combofix. I have uninstalled it and have taken measures to reformat the disk. thank you so much for your help.



#12 xXToffeeXx


Posted 15 August 2015 - 01:41 PM

Hi mspam,

 

You're welcome, do you need any more help?

 

xXToffeeXx~




#13 xXToffeeXx


Posted 25 August 2015 - 05:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





