
FRST.exe - needing help to run the process

Malware Removal


#1
novicecomputergirl


Hi - I have downloaded FRST.exe and saved it to both my desktop and my flash drive.

Now I am just having trouble deciphering which files are infectious, to copy into the FRST.exe software to "fix".

 

Please help. Below is the copy of my FRST.exe scan results to notepad.

_________________________________________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2016 02
Ran by C&T Muhammad (administrator) on OFFICE-PC (26-06-2016 21:30:36)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-23] (AVAST Software)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #0] => C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {3c91c9be-d30f-11e3-b065-0021703901a5} - F:\setup.exe -a
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {b3cccb3c-44fc-11e5-9abc-0021703901a5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {f9770cbb-84cd-11de-8a6a-0021703901a5} - H:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-19] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> Backup.Old.DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=amonetizetest1-ie&tb_uuid=A348D76AC1BB458096F267DFB266A97A&tb_oid=24-07-2013&tb_mrud=24-07-2013
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1FC92D32-0098-474D-81BF-9431C416E9C6}&mid=f8e11bf0b67b47d3a8f5d16836dde856-21abf109ef5bea8ce7654c8962254f79c0936920&lang=en&ds=ts018&coid=avgtbdists&cmpid=&pr=sa&d=2013-10-30 15:41:46&v=18.0.0.248&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {E5020A0D-E981-4474-B2BE-19D4FB675838} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-19] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
Toolbar: HKLM - No Name - !{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll [2014-05-09] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-05-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 => not found
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VideoDownloadConverter) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Dark Reader) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (SwagButton) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2016-06-24]
CHR Extension: (Pin It Button) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-03-31]
CHR Extension: (Grammarly for Chrome) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-06-26]
CHR Extension: (Fuze on Chrome™) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehcblfpidimbihdfophhhdejckolgh [2016-05-26]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2016-01-09]
CHR Extension: (Adblock Super) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-23]
CHR Extension: (Google Play) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
CHR Extension: (StartMeeting.com Extension) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-04-17]
CHR Extension: (Gmail) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-19] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-19] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-19] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-19] (AVAST Software)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
S3 ATMFBUS; system32\DRIVERS\ATMFBUS.sys [X]
S3 ATMFCVsp; system32\DRIVERS\ATMFCVsp.sys [X]
S3 ATMFFLT; system32\DRIVERS\ATMFFLT.sys [X]
S3 ATMFMdm; system32\DRIVERS\ATMFMdm.sys [X]
S3 ATMFNET; system32\DRIVERS\ATMFNET.sys [X]
S3 ATMFNVsp; system32\DRIVERS\ATMFNVsp.sys [X]
S3 ATMFVsp; system32\DRIVERS\ATMFVsp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 21:30 - 2016-06-26 21:31 - 00033253 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-06-26 21:30 - 2016-06-26 21:30 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\FRST-OlderVersion
2016-06-26 21:30 - 2016-06-26 21:30 - 00000000 ____D C:\FRST
2016-06-26 21:27 - 2016-06-26 21:30 - 01739776 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-24 17:08 - 2016-06-24 17:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-23 18:30 - 2016-06-19 11:10 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-06-19 11:18 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:15 - 2016-06-19 11:15 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-06-19 11:14 - 2016-06-23 19:40 - 00001747 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:14 - 2016-06-19 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:12 - 2016-06-19 11:11 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:12 - 2016-06-19 11:09 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:10 - 2016-06-19 11:10 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-06-19 09:48 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
2016-06-16 15:20 - 2016-06-16 15:20 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (2).zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid.zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (1).zip
2016-06-15 08:34 - 2016-06-15 08:34 - 00176894 _____ C:\Users\C&T Muhammad\Downloads\Ecosoc Notification Letter.pdf
2016-06-13 15:05 - 2016-06-13 15:06 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument.pdf
2016-06-10 16:17 - 2016-06-10 16:17 - 01679475 _____ C:\Users\C&T Muhammad\Downloads\SelfLoveAff.pdf
2016-06-09 15:45 - 2016-06-09 15:45 - 02151760 _____ C:\Users\C&T Muhammad\Downloads\6 Steps to Manifest (2).pdf
2016-06-09 15:17 - 2016-06-09 15:17 - 00076729 _____ C:\Users\C&T Muhammad\Downloads\{6245E3C4-F4D9-4C24-B9BD-12EFE1028086}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9} (1).pdf
2016-06-07 11:17 - 2016-06-07 11:17 - 00050784 _____ C:\Users\C&T Muhammad\Downloads\todoandbemydreams1023final.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 21:10 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 21:10 - 2011-04-09 21:29 - 01108498 _____ C:\Windows\ntbtlog.txt
2016-06-26 20:40 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-06-26 18:34 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-26 13:19 - 2015-09-23 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-26 13:19 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-26 11:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-25 16:38 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 12:16 - 2015-04-19 14:36 - 00000406 ____H C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job
2016-06-25 12:04 - 2013-11-16 04:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 12:03 - 2015-09-23 18:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 12:02 - 2015-06-23 13:50 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:44 - 2006-11-02 03:33 - 00756792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 11:26 - 2013-11-07 09:15 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:00 - 2014-06-13 15:35 - 00000302 _____ C:\Windows\Tasks\PCHelpers_period.job
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 09:44 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 08:06 - 2006-11-02 03:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-25 05:41 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-25 04:51 - 2015-07-03 14:02 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-25 04:51 - 2015-07-03 14:02 - 00001744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-25 04:49 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-24 20:01 - 2015-06-23 13:50 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 18:26 - 2013-11-07 09:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 17:09 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-24 06:18 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-06-24 06:18 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-06-23 22:27 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-23 19:15 - 2006-11-02 03:22 - 54263808 _____ C:\Windows\system32\config\software_previous
2016-06-23 19:15 - 2006-11-02 03:22 - 31457280 _____ C:\Windows\system32\config\system_previous
2016-06-23 19:14 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-23 19:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-06-23 18:17 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-06-23 13:40 - 2006-11-02 03:22 - 42729472 _____ C:\Windows\system32\config\components_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-21 10:16 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 11:18 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-18 12:44 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-06-16 17:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-16 17:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-16 08:43 - 2016-05-03 12:59 - 01569792 ____H C:\Users\C&T Muhammad\Desktop\~WRL1687.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3274.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3132.tmp
2016-06-16 07:14 - 2012-08-26 07:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\THINGS TO DO and Projects Working On
2016-06-16 07:12 - 2016-05-03 12:59 - 01570304 ____H C:\Users\C&T Muhammad\Desktop\~WRL0987.tmp
2016-06-15 13:29 - 2016-05-03 12:59 - 01526272 ____H C:\Users\C&T Muhammad\Desktop\~WRL1855.tmp
2016-06-15 13:07 - 2016-05-03 12:59 - 01308160 ____H C:\Users\C&T Muhammad\Desktop\~WRL2610.tmp
2016-06-15 13:03 - 2016-05-03 12:59 - 01216000 ____H C:\Users\C&T Muhammad\Desktop\~WRL2858.tmp
2016-06-13 14:18 - 2016-05-10 11:26 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi Picture Folder
2016-06-11 11:59 - 2016-05-03 12:59 - 01050624 ____H C:\Users\C&T Muhammad\Desktop\~WRL0546.tmp
2016-06-11 11:58 - 2016-05-03 12:59 - 00966144 ____H C:\Users\C&T Muhammad\Desktop\~WRL3251.tmp
2016-06-09 22:32 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-06-09 14:45 - 2013-07-26 18:48 - 00000000 ____D C:\Users\C&T Muhammad\Documents\Homeschool
2016-06-01 19:59 - 2015-08-26 12:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\pictures for walgreens
2016-06-01 19:58 - 2016-05-16 12:16 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\DES NEW app
2016-05-28 06:19 - 2016-05-26 18:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\New Info To Organize
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-06-26 20:40 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
2015-04-07 18:59 - 2015-06-29 11:29 - 0000112 _____ () C:\ProgramData\2iSA11.dat
ZeroAccess:
C:\Users\C&T Muhammad\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\2iSA11.dat
 
 
Some files in TEMP:
====================
C:\Users\C&T Muhammad\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\C&T Muhammad\AppData\Local\Temp\{A1C3F053-67AE-4103-8485-BDAF5E5EB176}-DropboxClient_5.4.24.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-26 19:18
 
==================== End of FRST.txt ============================

Edited by novicecomputergirl, 27 June 2016 - 05:48 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   13.78KB   79 downloads
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 


#3
novicecomputergirl

    Member

  • Topic Starter
  • Member
  • 25 posts

Below is the FRST notepad:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2016 02
Ran by C&T Muhammad (administrator) on OFFICE-PC (26-06-2016 21:30:36)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-23] (AVAST Software)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #0] => C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {3c91c9be-d30f-11e3-b065-0021703901a5} - F:\setup.exe -a
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {b3cccb3c-44fc-11e5-9abc-0021703901a5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {f9770cbb-84cd-11de-8a6a-0021703901a5} - H:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-19] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> Backup.Old.DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=amonetizetest1-ie&tb_uuid=A348D76AC1BB458096F267DFB266A97A&tb_oid=24-07-2013&tb_mrud=24-07-2013
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1FC92D32-0098-474D-81BF-9431C416E9C6}&mid=f8e11bf0b67b47d3a8f5d16836dde856-21abf109ef5bea8ce7654c8962254f79c0936920&lang=en&ds=ts018&coid=avgtbdists&cmpid=&pr=sa&d=2013-10-30 15:41:46&v=18.0.0.248&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {E5020A0D-E981-4474-B2BE-19D4FB675838} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-19] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
Toolbar: HKLM - No Name - !{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll [2014-05-09] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-05-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 => not found
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VideoDownloadConverter) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Dark Reader) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (SwagButton) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2016-06-24]
CHR Extension: (Pin It Button) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-03-31]
CHR Extension: (Grammarly for Chrome) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-06-26]
CHR Extension: (Fuze on Chrome™) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehcblfpidimbihdfophhhdejckolgh [2016-05-26]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2016-01-09]
CHR Extension: (Adblock Super) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-23]
CHR Extension: (Google Play) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
CHR Extension: (StartMeeting.com Extension) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-04-17]
CHR Extension: (Gmail) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-19] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-19] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-19] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-19] (AVAST Software)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
S3 ATMFBUS; system32\DRIVERS\ATMFBUS.sys [X]
S3 ATMFCVsp; system32\DRIVERS\ATMFCVsp.sys [X]
S3 ATMFFLT; system32\DRIVERS\ATMFFLT.sys [X]
S3 ATMFMdm; system32\DRIVERS\ATMFMdm.sys [X]
S3 ATMFNET; system32\DRIVERS\ATMFNET.sys [X]
S3 ATMFNVsp; system32\DRIVERS\ATMFNVsp.sys [X]
S3 ATMFVsp; system32\DRIVERS\ATMFVsp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 21:30 - 2016-06-26 21:31 - 00033253 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-06-26 21:30 - 2016-06-26 21:30 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\FRST-OlderVersion
2016-06-26 21:30 - 2016-06-26 21:30 - 00000000 ____D C:\FRST
2016-06-26 21:27 - 2016-06-26 21:30 - 01739776 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-24 17:08 - 2016-06-24 17:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-23 18:30 - 2016-06-19 11:10 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-06-19 11:18 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:15 - 2016-06-19 11:15 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-06-19 11:14 - 2016-06-23 19:40 - 00001747 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:14 - 2016-06-19 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:12 - 2016-06-19 11:11 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:12 - 2016-06-19 11:09 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:10 - 2016-06-19 11:10 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-06-19 09:48 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
2016-06-16 15:20 - 2016-06-16 15:20 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (2).zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid.zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (1).zip
2016-06-15 08:34 - 2016-06-15 08:34 - 00176894 _____ C:\Users\C&T Muhammad\Downloads\Ecosoc Notification Letter.pdf
2016-06-13 15:05 - 2016-06-13 15:06 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument.pdf
2016-06-10 16:17 - 2016-06-10 16:17 - 01679475 _____ C:\Users\C&T Muhammad\Downloads\SelfLoveAff.pdf
2016-06-09 15:45 - 2016-06-09 15:45 - 02151760 _____ C:\Users\C&T Muhammad\Downloads\6 Steps to Manifest (2).pdf
2016-06-09 15:17 - 2016-06-09 15:17 - 00076729 _____ C:\Users\C&T Muhammad\Downloads\{6245E3C4-F4D9-4C24-B9BD-12EFE1028086}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9} (1).pdf
2016-06-07 11:17 - 2016-06-07 11:17 - 00050784 _____ C:\Users\C&T Muhammad\Downloads\todoandbemydreams1023final.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 21:10 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 21:10 - 2011-04-09 21:29 - 01108498 _____ C:\Windows\ntbtlog.txt
2016-06-26 20:40 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-06-26 18:34 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-26 13:19 - 2015-09-23 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-26 13:19 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-26 11:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-25 16:38 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 12:16 - 2015-04-19 14:36 - 00000406 ____H C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job
2016-06-25 12:04 - 2013-11-16 04:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 12:03 - 2015-09-23 18:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 12:02 - 2015-06-23 13:50 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:44 - 2006-11-02 03:33 - 00756792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 11:26 - 2013-11-07 09:15 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:00 - 2014-06-13 15:35 - 00000302 _____ C:\Windows\Tasks\PCHelpers_period.job
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 09:44 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 08:06 - 2006-11-02 03:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-25 05:41 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-25 04:51 - 2015-07-03 14:02 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-25 04:51 - 2015-07-03 14:02 - 00001744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-25 04:49 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-24 20:01 - 2015-06-23 13:50 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 18:26 - 2013-11-07 09:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 17:09 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-24 06:18 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-06-24 06:18 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-06-23 22:27 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-23 19:15 - 2006-11-02 03:22 - 54263808 _____ C:\Windows\system32\config\software_previous
2016-06-23 19:15 - 2006-11-02 03:22 - 31457280 _____ C:\Windows\system32\config\system_previous
2016-06-23 19:14 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-23 19:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-06-23 18:17 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-06-23 13:40 - 2006-11-02 03:22 - 42729472 _____ C:\Windows\system32\config\components_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-21 10:16 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 11:18 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-18 12:44 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-06-16 17:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-16 17:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-16 08:43 - 2016-05-03 12:59 - 01569792 ____H C:\Users\C&T Muhammad\Desktop\~WRL1687.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3274.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3132.tmp
2016-06-16 07:14 - 2012-08-26 07:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\THINGS TO DO and Projects Working On
2016-06-16 07:12 - 2016-05-03 12:59 - 01570304 ____H C:\Users\C&T Muhammad\Desktop\~WRL0987.tmp
2016-06-15 13:29 - 2016-05-03 12:59 - 01526272 ____H C:\Users\C&T Muhammad\Desktop\~WRL1855.tmp
2016-06-15 13:07 - 2016-05-03 12:59 - 01308160 ____H C:\Users\C&T Muhammad\Desktop\~WRL2610.tmp
2016-06-15 13:03 - 2016-05-03 12:59 - 01216000 ____H C:\Users\C&T Muhammad\Desktop\~WRL2858.tmp
2016-06-13 14:18 - 2016-05-10 11:26 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi Picture Folder
2016-06-11 11:59 - 2016-05-03 12:59 - 01050624 ____H C:\Users\C&T Muhammad\Desktop\~WRL0546.tmp
2016-06-11 11:58 - 2016-05-03 12:59 - 00966144 ____H C:\Users\C&T Muhammad\Desktop\~WRL3251.tmp
2016-06-09 22:32 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-06-09 14:45 - 2013-07-26 18:48 - 00000000 ____D C:\Users\C&T Muhammad\Documents\Homeschool
2016-06-01 19:59 - 2015-08-26 12:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\pictures for walgreens
2016-06-01 19:58 - 2016-05-16 12:16 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\DES NEW app
2016-05-28 06:19 - 2016-05-26 18:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\New Info To Organize
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-06-26 20:40 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
2015-04-07 18:59 - 2015-06-29 11:29 - 0000112 _____ () C:\ProgramData\2iSA11.dat
ZeroAccess:
C:\Users\C&T Muhammad\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\2iSA11.dat
 
 
Some files in TEMP:
====================
C:\Users\C&T Muhammad\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\C&T Muhammad\AppData\Local\Temp\{A1C3F053-67AE-4103-8485-BDAF5E5EB176}-DropboxClient_5.4.24.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-26 19:18
==================== End of FRST.txt ============================

The following is the fixlist notepad:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2016 02
Ran by C&T Muhammad (administrator) on OFFICE-PC (26-06-2016 21:30:36)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-23] (AVAST Software)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #0] => C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {3c91c9be-d30f-11e3-b065-0021703901a5} - F:\setup.exe -a
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {b3cccb3c-44fc-11e5-9abc-0021703901a5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {f9770cbb-84cd-11de-8a6a-0021703901a5} - H:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-19] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> Backup.Old.DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=amonetizetest1-ie&tb_uuid=A348D76AC1BB458096F267DFB266A97A&tb_oid=24-07-2013&tb_mrud=24-07-2013
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1FC92D32-0098-474D-81BF-9431C416E9C6}&mid=f8e11bf0b67b47d3a8f5d16836dde856-21abf109ef5bea8ce7654c8962254f79c0936920&lang=en&ds=ts018&coid=avgtbdists&cmpid=&pr=sa&d=2013-10-30 15:41:46&v=18.0.0.248&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {E5020A0D-E981-4474-B2BE-19D4FB675838} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-19] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
Toolbar: HKLM - No Name - !{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll [2014-05-09] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-05-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 => not found
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VideoDownloadConverter) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Dark Reader) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (SwagButton) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2016-06-24]
CHR Extension: (Pin It Button) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-03-31]
CHR Extension: (Grammarly for Chrome) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-06-26]
CHR Extension: (Fuze on Chrome™) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehcblfpidimbihdfophhhdejckolgh [2016-05-26]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2016-01-09]
CHR Extension: (Adblock Super) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-23]
CHR Extension: (Google Play) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
CHR Extension: (StartMeeting.com Extension) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-04-17]
CHR Extension: (Gmail) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-19] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-19] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-19] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-19] (AVAST Software)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
S3 ATMFBUS; system32\DRIVERS\ATMFBUS.sys [X]
S3 ATMFCVsp; system32\DRIVERS\ATMFCVsp.sys [X]
S3 ATMFFLT; system32\DRIVERS\ATMFFLT.sys [X]
S3 ATMFMdm; system32\DRIVERS\ATMFMdm.sys [X]
S3 ATMFNET; system32\DRIVERS\ATMFNET.sys [X]
S3 ATMFNVsp; system32\DRIVERS\ATMFNVsp.sys [X]
S3 ATMFVsp; system32\DRIVERS\ATMFVsp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 21:30 - 2016-06-26 21:31 - 00033253 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-06-26 21:30 - 2016-06-26 21:30 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\FRST-OlderVersion
2016-06-26 21:30 - 2016-06-26 21:30 - 00000000 ____D C:\FRST
2016-06-26 21:27 - 2016-06-26 21:30 - 01739776 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-24 17:08 - 2016-06-24 17:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-23 18:30 - 2016-06-19 11:10 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-06-19 11:18 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:15 - 2016-06-19 11:15 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-06-19 11:14 - 2016-06-23 19:40 - 00001747 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:14 - 2016-06-19 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:12 - 2016-06-19 11:11 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:12 - 2016-06-19 11:09 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:10 - 2016-06-19 11:10 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-06-19 09:48 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
2016-06-16 15:20 - 2016-06-16 15:20 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (2).zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid.zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (1).zip
2016-06-15 08:34 - 2016-06-15 08:34 - 00176894 _____ C:\Users\C&T Muhammad\Downloads\Ecosoc Notification Letter.pdf
2016-06-13 15:05 - 2016-06-13 15:06 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument.pdf
2016-06-10 16:17 - 2016-06-10 16:17 - 01679475 _____ C:\Users\C&T Muhammad\Downloads\SelfLoveAff.pdf
2016-06-09 15:45 - 2016-06-09 15:45 - 02151760 _____ C:\Users\C&T Muhammad\Downloads\6 Steps to Manifest (2).pdf
2016-06-09 15:17 - 2016-06-09 15:17 - 00076729 _____ C:\Users\C&T Muhammad\Downloads\{6245E3C4-F4D9-4C24-B9BD-12EFE1028086}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9} (1).pdf
2016-06-07 11:17 - 2016-06-07 11:17 - 00050784 _____ C:\Users\C&T Muhammad\Downloads\todoandbemydreams1023final.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 21:10 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 21:10 - 2011-04-09 21:29 - 01108498 _____ C:\Windows\ntbtlog.txt
2016-06-26 20:40 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-06-26 18:34 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-26 13:19 - 2015-09-23 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-26 13:19 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-26 11:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-25 16:38 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 12:16 - 2015-04-19 14:36 - 00000406 ____H C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job
2016-06-25 12:04 - 2013-11-16 04:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 12:03 - 2015-09-23 18:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 12:02 - 2015-06-23 13:50 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:44 - 2006-11-02 03:33 - 00756792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 11:26 - 2013-11-07 09:15 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:00 - 2014-06-13 15:35 - 00000302 _____ C:\Windows\Tasks\PCHelpers_period.job
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 09:44 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 08:06 - 2006-11-02 03:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-25 05:41 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-25 04:51 - 2015-07-03 14:02 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-25 04:51 - 2015-07-03 14:02 - 00001744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-25 04:49 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-24 20:01 - 2015-06-23 13:50 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 18:26 - 2013-11-07 09:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 17:09 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-24 06:18 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-06-24 06:18 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-06-23 22:27 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-23 19:15 - 2006-11-02 03:22 - 54263808 _____ C:\Windows\system32\config\software_previous
2016-06-23 19:15 - 2006-11-02 03:22 - 31457280 _____ C:\Windows\system32\config\system_previous
2016-06-23 19:14 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-23 19:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-06-23 18:17 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-06-23 13:40 - 2006-11-02 03:22 - 42729472 _____ C:\Windows\system32\config\components_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-21 10:16 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 11:18 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-18 12:44 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-06-16 17:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-16 17:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-16 08:43 - 2016-05-03 12:59 - 01569792 ____H C:\Users\C&T Muhammad\Desktop\~WRL1687.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3274.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3132.tmp
2016-06-16 07:14 - 2012-08-26 07:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\THINGS TO DO and Projects Working On
2016-06-16 07:12 - 2016-05-03 12:59 - 01570304 ____H C:\Users\C&T Muhammad\Desktop\~WRL0987.tmp
2016-06-15 13:29 - 2016-05-03 12:59 - 01526272 ____H C:\Users\C&T Muhammad\Desktop\~WRL1855.tmp
2016-06-15 13:07 - 2016-05-03 12:59 - 01308160 ____H C:\Users\C&T Muhammad\Desktop\~WRL2610.tmp
2016-06-15 13:03 - 2016-05-03 12:59 - 01216000 ____H C:\Users\C&T Muhammad\Desktop\~WRL2858.tmp
2016-06-13 14:18 - 2016-05-10 11:26 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi Picture Folder
2016-06-11 11:59 - 2016-05-03 12:59 - 01050624 ____H C:\Users\C&T Muhammad\Desktop\~WRL0546.tmp
2016-06-11 11:58 - 2016-05-03 12:59 - 00966144 ____H C:\Users\C&T Muhammad\Desktop\~WRL3251.tmp
2016-06-09 22:32 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-06-09 14:45 - 2013-07-26 18:48 - 00000000 ____D C:\Users\C&T Muhammad\Documents\Homeschool
2016-06-01 19:59 - 2015-08-26 12:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\pictures for walgreens
2016-06-01 19:58 - 2016-05-16 12:16 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\DES NEW app
2016-05-28 06:19 - 2016-05-26 18:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\New Info To Organize
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-06-26 20:40 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
2015-04-07 18:59 - 2015-06-29 11:29 - 0000112 _____ () C:\ProgramData\2iSA11.dat
ZeroAccess:
C:\Users\C&T Muhammad\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\2iSA11.dat
 
 
Some files in TEMP:
====================
C:\Users\C&T Muhammad\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\C&T Muhammad\AppData\Local\Temp\{A1C3F053-67AE-4103-8485-BDAF5E5EB176}-DropboxClient_5.4.24.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-26 19:18
 
==================== End of FRST.txt ============================


#4
RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Doesn't look like you did my last instructions correctly.

You need to download the fixlist.txt file to your desktop since that's where FRST is running from: C:\Users\C&T Muhammad\Desktop

Then right click on FRST and Run As Admin.

When FRST comes up click on FIX not SCAN.

It will probably reboot. There should be a fixlog.txt on your desktop. That's what I want to see. Go ahead and put it in a Reply.

Then go back and right click on FRST and run as admin. Check the Addition.txt box then Hit Scan. You should get two logs. Post them both.



#5
novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here is the second one:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-06-2016 02
Ran by C&T Muhammad (2016-06-26 21:31:35)
Running from C:\Users\C&T Muhammad\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version: - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version: - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {3786CD0D-2CF1-442C-83E8-53A57C9B8B27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-19] (AVAST Software)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)

==================== Loaded Modules (Whitelisted) ==============

2014-04-13 11:30 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 11:30 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-06-17 19:22 - 2016-06-14 11:36 - 17595072 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.192\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000736 ____N C:\Windows\system32\Drivers\etc\hosts

::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2016 08:34:51 PM) (Source: Microsoft Office 11) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Research task pane.

Error: (06/26/2016 07:07:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2016 07:07:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2016 07:06:44 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/26/2016 07:05:52 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (06/26/2016 06:54:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (06/26/2016 06:39:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2016 06:39:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2016 06:38:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/26/2016 06:36:39 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e


System errors:
=============
Error: (06/26/2016 08:39:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (06/26/2016 07:07:38 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.

Error: (06/26/2016 07:07:37 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.

Error: (06/26/2016 07:07:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/26/2016 07:06:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/26/2016 07:06:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/26/2016 07:06:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/26/2016 07:06:37 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/26/2016 07:05:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21

Error: (06/26/2016 07:03:19 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Reason: %%858


CodeIntegrity:
===================================
Date: 2016-06-26 21:30:53.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 21:30:53.228
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 21:30:52.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 21:30:52.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 11:14:33.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 10:37:01.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 06:29:07.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 05:22:39.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 04:24:58.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 04:12:46.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 57%
Total physical RAM: 3062.45 MB
Available physical RAM: 1292.38 MB
Total Virtual: 6375.14 MB
Available Virtual: 4649.47 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:88.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6
RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
Still doesn't look like you did my last instructions correctly.
 
You need to download the fixlist.txt file to your desktop since that's where FRST is running from:  C:\Users\C&T Muhammad\Desktop
 
 
Then right click on FRST and Run As Admin.
 
When FRST comes up click on FIX not SCAN.
 
It will probably reboot.  There should be a fixlog.txt on your desktop.  That's what I want to see.  Go ahead and put it in a Reply.


#7
novicecomputergirl

    Member

  • Topic Starter
  • Member
  • 25 posts

This is the fixlog that generates on my desktop: My apologies again... please bear with me. This is all I'm getting. I will also post the Addition.txt log as well below the fixlog. These are the only (2) that generate on my desktop.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-07-2016
Ran by C&T Muhammad (2016-07-08 23:09:18) Run:2
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {3c91c9be-d30f-11e3-b065-0021703901a5} - F:\setup.exe -a
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {b3cccb3c-44fc-11e5-9abc-0021703901a5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {f9770cbb-84cd-11de-8a6a-0021703901a5} - H:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =  
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> Backup.Old.DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=amonetizetest1-ie&tb_uuid=A348D76AC1BB458096F267DFB266A97A&tb_oid=24-07-2013&tb_mrud=24-07-2013
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1FC92D32-0098-474D-81BF-9431C416E9C6}&mid=f8e11bf0b67b47d3a8f5d16836dde856-21abf109ef5bea8ce7654c8962254f79c0936920&lang=en&ds=ts018&coid=avgtbdists&cmpid=&pr=sa&d=2013-10-30 15:41:46&v=18.0.0.248&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {E5020A0D-E981-4474-B2BE-19D4FB675838} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
Toolbar: HKLM - No Name - !{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll [2014-05-09] (AVG Secure Search)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll [No File]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-05-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-05-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 => not found
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
S4 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S3 ATMFBUS; system32\DRIVERS\ATMFBUS.sys [X]
S3 ATMFCVsp; system32\DRIVERS\ATMFCVsp.sys [X]
S3 ATMFFLT; system32\DRIVERS\ATMFFLT.sys [X]
S3 ATMFMdm; system32\DRIVERS\ATMFMdm.sys [X]
S3 ATMFNET; system32\DRIVERS\ATMFNET.sys [X]
S3 ATMFNVsp; system32\DRIVERS\ATMFNVsp.sys [X]
S3 ATMFVsp; system32\DRIVERS\ATMFVsp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2015-04-07 18:59 - 2015-06-29 11:29 - 0000112 _____ () C:\ProgramData\2iSA11.dat
ZeroAccess:
C:\Users\C&T Muhammad\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Users\C&T Muhammad\AppData\Local\Google\Desktop
C:\Program Files\Google\Desktop
CMD: netsh  winsock  reset catalog
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: Type C:\Windows\ntbtlog.txt
C:\Windows\ntbtlog.txt
Hosts:
EmptyTemp:
*****************
 
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c91c9be-d30f-11e3-b065-0021703901a5} => key not found. 
HKCR\CLSID\{3c91c9be-d30f-11e3-b065-0021703901a5} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3cccb3c-44fc-11e5-9abc-0021703901a5} => key not found. 
HKCR\CLSID\{b3cccb3c-44fc-11e5-9abc-0021703901a5} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9770cbb-84cd-11de-8a6a-0021703901a5} => key not found. 
HKCR\CLSID\{f9770cbb-84cd-11de-8a6a-0021703901a5} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Google => key not found. 
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => value not found.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => key not found. 
HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value not found.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => key not found. 
HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5020A0D-E981-4474-B2BE-19D4FB675838} => key not found. 
HKCR\CLSID\{E5020A0D-E981-4474-B2BE-19D4FB675838} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => key not found. 
HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => value not found.
HKCR\CLSID\!{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value not found.
HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value not found.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKCR\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
"C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml" => not found.
"C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml" => not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value not found.
Chrome HomePage => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
vToolbarUpdater18.1.5 => service not found.
ATMFBUS => service not found.
ATMFCVsp => service not found.
ATMFFLT => service not found.
ATMFMdm => service not found.
ATMFNET => service not found.
ATMFNVsp => service not found.
ATMFVsp => service not found.
IpInIp => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
"C:\ProgramData\2iSA11.dat" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
"C:\Users\C&T Muhammad\AppData\Local\Google\Desktop\Install" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
"C:\Program Files\Google\Desktop\Install" => not found.
"C:\Users\C&T Muhammad\AppData\Local\Google\Desktop" => not found.
"C:\Program Files\Google\Desktop" => not found.
 
=========  netsh  winsock  reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
 
========= End of CMD: =========
 
 
=========  Type C:\Windows\ntbtlog.txt =========
 
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
 Service Pack 2 7  8 2016 17:16:37.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelide.sys
Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\system32\DRIVERS\MpFilter.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\System32\Drivers\aswRvrt.sys
Loaded driver \SystemRoot\System32\Drivers\aswVmm.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Did not load driver @hal.inf,%acpiapic.devicedesc%;ACPI x86-based PC
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\DLACPI.sys
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcmwl6.sys
Loaded driver \SystemRoot\system32\DRIVERS\ohci1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rtlh86.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\System32\Drivers\rimvndis6.sys
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver Realtek High Definition Audio
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver Realtek High Definition Audio
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver aswSP.SYS
Did not load driver aswSnx.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Did not load driver kbdhid.SYS
Did not load driver aswKbd.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Did not load driver RDPCDD.SYS
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\system32\drivers\aswRdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver Wanarpv6.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Did not load driver Realtek High Definition Audio
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\drivers\aswKbd.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @oem35.inf,%icrgd0%;Mobile Intel® 965 Express Chipset Family
Did not load driver @oem35.inf,%icrgd1%;Mobile Intel® 965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver @oem41.inf,%cnc.devicedesc%;Canon MP240 ser
Did not load driver Canon MP240 series Printer
Did not load driver @xrxscan.inf,%xeroxwcpscan%;Xerox WorkCentre Pro Scanner
Did not load driver @mdmgen.inf,%gen%;Standard Modem
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Did not load driver @oem49.inf,%rimvserport%;RIM Virtual Serial Port v2
Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
 
========= End of CMD: =========
 
C:\Windows\ntbtlog.txt => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2101288 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 18036 B
Edge => 0 B
Chrome => 8376109 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 3390 B
C&T Muhammad => 69012 B
 
RecycleBin => 14656 B
EmptyTemp: => 10.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:10:23 ====

  • 0

#8
novicecomputergirl

    Member

  • Topic Starter
  • Member
  • 25 posts

Additions.text log.... below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-06-2016 02
Ran by C&T Muhammad (2016-06-26 21:31:35)
Running from C:\Users\C&T Muhammad\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {3786CD0D-2CF1-442C-83E8-53A57C9B8B27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-19] (AVAST Software)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe 
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-13 11:30 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 11:30 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-06-17 19:22 - 2016-06-14 11:36 - 17595072 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.192\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2006-09-18 14:41 - 00000736 ____N C:\Windows\system32\Drivers\etc\hosts
 
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2016 08:34:51 PM) (Source: Microsoft Office 11) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Research task pane.
 
Error: (06/26/2016 07:07:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2016 07:07:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2016 07:06:44 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/26/2016 07:05:52 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
 
Error: (06/26/2016 06:54:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (06/26/2016 06:39:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2016 06:39:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2016 06:38:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/26/2016 06:36:39 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
 
 
System errors:
=============
Error: (06/26/2016 08:39:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
Error: (06/26/2016 07:07:38 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.
 
Error: (06/26/2016 07:07:37 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.
 
Error: (06/26/2016 07:07:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (06/26/2016 07:06:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/26/2016 07:06:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (06/26/2016 07:06:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/26/2016 07:06:37 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/26/2016 07:05:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21
 
Error: (06/26/2016 07:03:19 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x8007043c
 
Error description: This service cannot be started in Safe Mode 
 
Reason: %%858
 
 
CodeIntegrity:
===================================
  Date: 2016-06-26 21:30:53.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-26 21:30:53.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-26 21:30:52.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-26 21:30:52.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 11:14:33.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 10:37:01.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 06:29:07.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 05:22:39.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 04:24:58.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 04:12:46.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 57%
Total physical RAM: 3062.45 MB
Available physical RAM: 1292.38 MB
Total Virtual: 6375.14 MB
Available Virtual: 4649.47 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:88.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#9
RKinner


    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Thank you for the Fixlog.

 

Can you run a new FRST scan with Addition.txt checked and post both logs? (The addition.txt file you just posted is from 2016-06-26)



#10
novicecomputergirl


    Member

  • Topic Starter
  • Member
  • 25 posts

Okay give me a few minutes





#11
novicecomputergirl


    Member

  • Topic Starter
  • Member
  • 25 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2016
Ran by C&T Muhammad (administrator) on OFFICE-PC (09-07-2016 10:18:25)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-23] (AVAST Software)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #0] => C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-19] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-19] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-19] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-19] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-19] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-19] (AVAST Software)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-08 23:12 - 2016-07-08 23:13 - 00083108 _____ C:\Windows\ntbtlog.txt
2016-07-07 12:57 - 2016-07-08 23:10 - 00059672 _____ C:\Users\C&T Muhammad\Desktop\Fixlog.txt
2016-06-26 21:31 - 2016-06-26 21:31 - 00044779 _____ C:\Users\C&T Muhammad\Desktop\Addition.txt
2016-06-26 21:30 - 2016-07-09 10:18 - 00023569 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-06-26 21:30 - 2016-07-09 10:18 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\FRST-OlderVersion
2016-06-26 21:30 - 2016-07-09 10:18 - 00000000 ____D C:\FRST
2016-06-26 21:27 - 2016-07-09 10:18 - 01740288 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-24 17:08 - 2016-06-24 17:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-23 18:30 - 2016-06-19 11:10 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-06-19 11:18 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:15 - 2016-06-19 11:15 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-06-19 11:14 - 2016-06-23 19:40 - 00001747 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:14 - 2016-06-19 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:12 - 2016-06-19 11:11 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-06-19 11:11 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:12 - 2016-06-19 11:09 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:10 - 2016-06-19 11:10 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-06-19 09:48 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
2016-06-16 15:20 - 2016-06-16 15:20 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (2).zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid.zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (1).zip
2016-06-15 08:34 - 2016-06-15 08:34 - 00176894 _____ C:\Users\C&T Muhammad\Downloads\Ecosoc Notification Letter.pdf
2016-06-13 15:05 - 2016-06-13 15:06 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument.pdf
2016-06-10 16:17 - 2016-06-10 16:17 - 01679475 _____ C:\Users\C&T Muhammad\Downloads\SelfLoveAff.pdf
2016-06-09 15:45 - 2016-06-09 15:45 - 02151760 _____ C:\Users\C&T Muhammad\Downloads\6 Steps to Manifest (2).pdf
2016-06-09 15:17 - 2016-06-09 15:17 - 00076729 _____ C:\Users\C&T Muhammad\Downloads\{6245E3C4-F4D9-4C24-B9BD-12EFE1028086}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9}.pdf
2016-06-09 14:57 - 2016-06-09 14:57 - 00077319 _____ C:\Users\C&T Muhammad\Downloads\{AAF07FC7-B8B4-4000-8E9F-A2266B676AA9} (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-08 17:21 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-07-08 17:21 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-07-08 04:58 - 2012-05-21 10:34 - 00000000 ____D C:\Users\C&T Muhammad\AppData\LocalLow\Temp
2016-07-07 12:58 - 2009-01-19 21:12 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Google
2016-07-07 12:58 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-07-07 12:58 - 2008-11-05 17:15 - 00000000 ____D C:\Program Files\Google
2016-07-07 12:57 - 2006-11-02 04:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-01 15:24 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-27 16:37 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 20:40 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-06-26 13:19 - 2015-09-23 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-26 13:19 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-26 11:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-25 16:38 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 12:16 - 2015-04-19 14:36 - 00000406 ____H C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job
2016-06-25 12:04 - 2013-11-16 04:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 12:03 - 2015-09-23 18:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 12:02 - 2015-06-23 13:50 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:44 - 2006-11-02 03:33 - 00756792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 11:26 - 2013-11-07 09:15 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-06-25 11:00 - 2014-06-13 15:35 - 00000302 _____ C:\Windows\Tasks\PCHelpers_period.job
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 09:44 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 08:06 - 2006-11-02 03:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-25 05:41 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-25 04:51 - 2015-07-03 14:02 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-25 04:51 - 2015-07-03 14:02 - 00001744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-25 04:49 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-24 20:01 - 2015-06-23 13:50 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 18:26 - 2013-11-07 09:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-06-24 17:09 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-24 06:18 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-06-24 06:18 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-06-23 22:27 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-23 19:15 - 2006-11-02 03:22 - 54263808 _____ C:\Windows\system32\config\software_previous
2016-06-23 19:15 - 2006-11-02 03:22 - 31457280 _____ C:\Windows\system32\config\system_previous
2016-06-23 19:14 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-23 19:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 42729472 _____ C:\Windows\system32\config\components_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 11:18 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-18 12:44 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-06-16 17:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-16 17:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-16 08:43 - 2016-05-03 12:59 - 01569792 ____H C:\Users\C&T Muhammad\Desktop\~WRL1687.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3274.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3132.tmp
2016-06-16 07:14 - 2012-08-26 07:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\THINGS TO DO and Projects Working On
2016-06-16 07:12 - 2016-05-03 12:59 - 01570304 ____H C:\Users\C&T Muhammad\Desktop\~WRL0987.tmp
2016-06-15 13:29 - 2016-05-03 12:59 - 01526272 ____H C:\Users\C&T Muhammad\Desktop\~WRL1855.tmp
2016-06-15 13:07 - 2016-05-03 12:59 - 01308160 ____H C:\Users\C&T Muhammad\Desktop\~WRL2610.tmp
2016-06-15 13:03 - 2016-05-03 12:59 - 01216000 ____H C:\Users\C&T Muhammad\Desktop\~WRL2858.tmp
2016-06-13 14:18 - 2016-05-10 11:26 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi Picture Folder
2016-06-11 11:59 - 2016-05-03 12:59 - 01050624 ____H C:\Users\C&T Muhammad\Desktop\~WRL0546.tmp
2016-06-11 11:58 - 2016-05-03 12:59 - 00966144 ____H C:\Users\C&T Muhammad\Desktop\~WRL3251.tmp
2016-06-09 14:45 - 2013-07-26 18:48 - 00000000 ____D C:\Users\C&T Muhammad\Documents\Homeschool
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-06-26 20:40 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-08 23:28
 
==================== End of FRST.txt ============================


#12
novicecomputergirl

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2016
Ran by C&T Muhammad (2016-07-09 10:19:30)
Running from C:\Users\C&T Muhammad\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {3786CD0D-2CF1-442C-83E8-53A57C9B8B27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-19] (AVAST Software)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe 
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-13 11:30 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 11:30 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2016-07-08 23:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/08/2016 11:15:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/08/2016 11:15:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/08/2016 11:15:15 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/08/2016 11:14:01 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
 
 
System errors:
=============
Error: (07/09/2016 12:43:49 AM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00234E246914.  The following error occurred: 
%%121 = The semaphore timeout period has expired.
. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
 
Error: (07/09/2016 12:37:41 AM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00234E246914.  The following error occurred: 
%%121 = The semaphore timeout period has expired.
. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
 
Error: (07/08/2016 11:15:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (07/08/2016 11:15:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/08/2016 11:15:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/08/2016 11:14:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21
 
Error: (07/08/2016 11:12:31 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x8007043c
 
Error description: This service cannot be started in Safe Mode 
 
Reason: %%858
 
Error: (07/08/2016 11:11:08 PM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00234E246914.  The following error occurred: 
%%1223 = The operation was canceled by the user.
. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
 
 
CodeIntegrity:
===================================
  Date: 2016-07-09 10:18:44.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:44.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:44.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:43.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 26%
Total physical RAM: 3062.45 MB
Available physical RAM: 2245.99 MB
Total Virtual: 6327.14 MB
Available Virtual: 5720.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:89.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13
RKinner

    Malware Expert

You had a nasty ZeroAccess infection.  The fixlist seems to have taken care of it, but I want to run one more to clean up some junk.

Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   20.4KB   56 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

Since you have Avast, let's let it run a boot-time scan and see if it finds anything we missed.  It takes like 6 hours so I usually let it run at night.

Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.

Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

Copy and paste the text from the log to a Reply when done.
 


#14
novicecomputergirl

    Member

Please see new FRST scan logs (fixlist3 and additiontxt)

CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-
 
A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll 
 
=> No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-
 
96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-
 
8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621
 
-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No 
 
File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-
 
AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-
 
9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-
 
9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-
 
BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-
 
B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-
 
AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-
 
BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-
 
ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-
 
8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880
 
\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-
 
8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-
 
BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll 
 
=> No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-
 
AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => 
 
No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-
 
9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION 
CMD: sc config winmgmt start= disabled 
CMD: net stop winmgmt
CMD: Ren \windows\System32\wbem\repository repository.old.
CMD: sc config winmgmt start= auto
CMD: net start winmgmt
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

#15
novicecomputergirl

  • Topic Starter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by C&T Muhammad (2016-07-10 19:37:44)
Running from C:\Users\C&T Muhammad\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {3786CD0D-2CF1-442C-83E8-53A57C9B8B27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-19] (AVAST Software)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe 
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2016-07-08 23:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/10/2016 08:35:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/10/2016 08:35:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/10/2016 08:34:58 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/10/2016 08:05:19 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
 
Error: (07/08/2016 11:15:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/08/2016 11:15:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/08/2016 11:15:15 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/08/2016 11:14:01 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
 
 
System errors:
=============
Error: (07/10/2016 08:35:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/10/2016 08:35:00 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (07/10/2016 08:34:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/10/2016 08:34:50 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/10/2016 08:16:26 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/10/2016 08:16:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/10/2016 08:15:27 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.225.913.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/10/2016 08:15:27 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (07/10/2016 08:05:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21
 
Error: (07/10/2016 08:05:03 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x8007043c
 
Error description: This service cannot be started in Safe Mode 
 
Reason: %%858
 
 
CodeIntegrity:
===================================
  Date: 2016-07-10 19:37:05.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-10 19:37:04.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-10 19:37:04.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-10 19:37:04.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:44.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:44.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:44.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-09 10:18:43.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 29%
Total physical RAM: 3062.45 MB
Available physical RAM: 2171.98 MB
Total Virtual: 6325.16 MB
Available Virtual: 5650.11 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:89.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
