
FRST.exe - needing help to run the process

Malware Removal


#31
RKinner (Malware Expert)

Error: (07/15/2016 09:55:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.

Recovery is the D: drive so:

1. Double-click My Computer, and then right-click the hard disk that you want to check. D:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, then reboot. If the disk check starts automatically then no need to reboot.

Download the attached fixlist.txt to the same location as FRST.

[attachment=81916:fixlist.txt]

Run FRST and press Fix.
A fixlog.txt will be generated; please post that.

Run FRST again, check Addition.txt and then Scan. Post both logs.

PS. Heading back to Colorado tomorrow so expect delays.


#32
novicecomputergirl (Topic Starter)

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-07-2016 02
Ran by C&T Muhammad (2016-07-17 06:24:36) Run:5
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {3c91c9be-d30f-11e3-b065-0021703901a5} - F:\setup.exe -a
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {b3cccb3c-44fc-11e5-9abc-0021703901a5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {f9770cbb-84cd-11de-8a6a-0021703901a5} - H:\start.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File 
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKU\.DEFAULT -> DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> Backup.Old.DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=amonetizetest1-ie&tb_uuid=A348D76AC1BB458096F267DFB266A97A&tb_oid=24-07-2013&tb_mrud=24-07-2013
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1FC92D32-0098-474D-81BF-9431C416E9C6}&mid=f8e11bf0b67b47d3a8f5d16836dde856-21abf109ef5bea8ce7654c8962254f79c0936920&lang=en&ds=ts018&coid=avgtbdists&cmpid=&pr=sa&d=2013-10-30 15:41:46&v=18.0.0.248&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
Toolbar: HKLM - No Name - !{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 ATMFBUS; system32\DRIVERS\ATMFBUS.sys [X]
S3 ATMFCVsp; system32\DRIVERS\ATMFCVsp.sys [X]
S3 ATMFFLT; system32\DRIVERS\ATMFFLT.sys [X]
S3 ATMFMdm; system32\DRIVERS\ATMFMdm.sys [X]
S3 ATMFNET; system32\DRIVERS\ATMFNET.sys [X]
S3 ATMFNVsp; system32\DRIVERS\ATMFNVsp.sys [X]
S3 ATMFVsp; system32\DRIVERS\ATMFVsp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2016-07-13 15:00 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-13 15:00 - 2015-07-03 12:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - no filepath
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - no filepath
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - no filepath
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - no filepath
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - no filepath
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe@/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
EmptyTemp:
CMD: netsh winsock reset catalog

*****************
 
C:\Program Files\Microsoft Security Client\MsMpEng.exe
[832] C:\Program Files\Microsoft Security Client\MsMpEng.exe => process closed successfully.
C:\Program Files\Windows Media Player\wmpnscfg.exe
[1724] C:\Program Files\Windows Media Player\wmpnscfg.exe => process closed successfully.
C:\Windows\System32\wbem\unsecapp.exe
[1768] C:\Windows\System32\wbem\unsecapp.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => value restored successfully
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c91c9be-d30f-11e3-b065-0021703901a5}" => key removed successfully.
HKCR\CLSID\{3c91c9be-d30f-11e3-b065-0021703901a5} => key not found. 
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3cccb3c-44fc-11e5-9abc-0021703901a5}" => key removed successfully.
HKCR\CLSID\{b3cccb3c-44fc-11e5-9abc-0021703901a5} => key not found. 
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9770cbb-84cd-11de-8a6a-0021703901a5}" => key removed successfully.
HKCR\CLSID\{f9770cbb-84cd-11de-8a6a-0021703901a5} => key not found. 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => moved successfully
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007" => key removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011" => key removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => value removed successfully.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => key removed successfully.
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}" => key removed successfully.
HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => value removed successfully.
HKCR\CLSID\!{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => key removed successfully.
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\itms.js => moved successfully
MsMpSvc => Unable to stop service.
MsMpSvc => service removed successfully.
NisSrv => service removed successfully.
vToolbarUpdater18.1.5 => service removed successfully.
MpFilter => service removed successfully.
ATMFBUS => service removed successfully.
ATMFCVsp => service removed successfully.
ATMFFLT => service removed successfully.
ATMFMdm => service removed successfully.
ATMFNET => service removed successfully.
ATMFNVsp => service removed successfully.
ATMFVsp => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
"C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
C:\Program Files\Malwarebytes Anti-Malware => moved successfully
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key removed successfully.
"HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BA77315-56E6-4B66-BB78-1A8BA64A8CDA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA77315-56E6-4B66-BB78-1A8BA64A8CDA}" => key removed successfully.
C:\Windows\System32\Tasks\PCSpeedCleanPRO_Start => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedCleanPRO_Start" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BDFC3BF-59C4-4B71-AC97-0B1CB6940632}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BDFC3BF-59C4-4B71-AC97-0B1CB6940632}" => key removed successfully.
C:\Windows\System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{720E7400-BAA3-4675-959D-37A9DC5D9E39}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{720E7400-BAA3-4675-959D-37A9DC5D9E39}" => key removed successfully.
C:\Windows\System32\Tasks\PCSpeedCleanPRO_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedCleanPRO_Popup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{729B3C78-77C6-4DDE-ADB0-95525A7F9E12}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{729B3C78-77C6-4DDE-ADB0-95525A7F9E12} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{862BCDAE-47C9-4040-9E00-A85D0EA30C79}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{862BCDAE-47C9-4040-9E00-A85D0EA30C79} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A895A013-451F-4045-AC73-5E52387D88C7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A895A013-451F-4045-AC73-5E52387D88C7}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD960298-1365-4A56-A3CC-07C610A84C4A}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD960298-1365-4A56-A3CC-07C610A84C4A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D25B5541-139A-46D1-A41C-54529A668CC3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D25B5541-139A-46D1-A41C-54529A668CC3}" => key removed successfully.
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A35101-1932-4BC7-9647-5AE779BCC361}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A35101-1932-4BC7-9647-5AE779BCC361} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED38A655-3466-43EC-9EF6-641B53A4617C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED38A655-3466-43EC-9EF6-641B53A4617C}" => key removed successfully.
C:\Windows\System32\Tasks\CodecUpdaterUpdaterLogonTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodecUpdaterUpdaterLogonTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FECBCDAD-AF72-453B-A7E8-958F0B3C9F91}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} => key not found. 
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => moved successfully
C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-TCP-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-UDP-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-In-UDP-x86 => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B0956BD-F3D2-483D-B46D-8A8571258DC6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E72885C9-C635-4DBF-9775-C607C77F0F91} => value removed successfully.
 
========= netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End ofCMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15834943 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 417379 B
Edge => 0 B
Chrome => 420478672 B
Firefox => 1476883 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 692 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 66228 B
NetworkService => 28680 B
C&T Muhammad => 21216172 B
 
RecycleBin => 476001 B
EmptyTemp: => 438.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 06:28:55 ====


#33
novicecomputergirl

    Member

  • Topic Starter
  • 25 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2016 02
Ran by C&T Muhammad (administrator) on OFFICE-PC (17-07-2016 06:40:51)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-14] (AVAST Software)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-14] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {E5020A0D-E981-4474-B2BE-19D4FB675838} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-14] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll [2014-05-09] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-15]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-14] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
S2 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-14] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-07-14] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-14] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-14] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-07-14] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-07-14] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-07-14] (AVAST Software)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-17 06:40 - 2016-07-17 06:41 - 00022234 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-07-17 06:24 - 2016-07-17 06:28 - 00036518 _____ C:\Users\C&T Muhammad\Desktop\Fixlog.txt
2016-07-17 06:23 - 2016-07-17 06:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\FRST-OlderVersion
2016-07-16 10:15 - 2016-07-16 10:15 - 00015360 _____ C:\Users\C&T Muhammad\Desktop\2016_2017 Grade Book MUI Homeschool.xls
2016-07-15 23:18 - 2016-07-15 23:18 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-07-15 23:16 - 2016-07-14 04:40 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-15 22:14 - 2016-07-15 23:18 - 00000000 _____ C:\Windows\system32\last.dump
2016-07-15 21:41 - 2016-07-17 06:23 - 01741824 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-07-15 19:05 - 2016-07-15 19:05 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OFFICE-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-07-15 19:05 - 2016-07-15 19:05 - 00000000 ____D C:\RegBackup
2016-07-15 19:03 - 2016-07-15 19:03 - 00005480 _____ C:\Users\C&T Muhammad\Desktop\Tweaking.com - Windows Repair - Pre-Scan.txt
2016-07-15 16:04 - 2016-07-15 16:04 - 00001914 _____ C:\Users\C&T Muhammad\Desktop\Tweaking.com - Windows Repair.lnk
2016-07-15 16:04 - 2016-07-15 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-07-15 16:03 - 2016-07-15 16:03 - 00000000 ____D C:\Program Files\Tweaking.com
2016-07-15 15:59 - 2016-07-15 16:05 - 00181338 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-07-15 15:37 - 2016-07-15 15:50 - 28923184 _____ (Tweaking.com) C:\Users\C&T Muhammad\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-07-14 10:05 - 2016-07-14 10:05 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-14 04:41 - 2016-07-14 04:41 - 00354152 _____ C:\unp305310122863377426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00353611 _____ C:\unp305310122852613426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00353159 _____ C:\unp305310122858541426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00352585 _____ C:\unp305310122857449426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00352013 _____ C:\unp305310122859789426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00350944 _____ C:\unp305310122856357426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00350847 _____ C:\unp305310122855265426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00350109 _____ C:\unp305310122854173426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00349768 _____ C:\unp305310122861973426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00349747 _____ C:\unp305310122860881426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00348888 _____ C:\unp305310122851365426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00346785 _____ C:\unp305310122808465426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00345205 _____ C:\unp305310122807373426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00343530 _____ C:\unp305310122805969426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00338254 _____ C:\unp305310123090357426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00335252 _____ C:\unp305310122636085426.mdmp
2016-07-14 04:40 - 2016-07-14 04:40 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-14 04:40 - 2016-07-14 04:40 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-11 12:47 - 2016-07-11 12:47 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-07-10 21:40 - 2016-07-10 21:40 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVG
2016-07-10 21:36 - 2016-07-10 21:39 - 00000000 ____D C:\ProgramData\Avg
2016-07-10 21:35 - 2016-07-10 21:40 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Avg
2016-07-10 21:35 - 2016-07-10 21:37 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\AvgSetupLog
2016-07-10 20:30 - 2016-07-11 14:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\AvastSupport
2016-06-26 21:30 - 2016-07-17 06:40 - 00000000 ____D C:\FRST
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-07-14 07:30 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-07-14 04:40 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:14 - 2016-07-15 23:18 - 00001747 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:14 - 2016-07-13 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:12 - 2016-07-14 07:58 - 00438296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00222056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00091680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-07-13 14:59 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-17 06:35 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-07-17 06:35 - 2006-11-02 03:33 - 00748812 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-17 06:30 - 2011-04-09 21:29 - 00833736 _____ C:\Windows\ntbtlog.txt
2016-07-17 06:30 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-17 06:24 - 2006-11-02 04:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-17 06:03 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-17 06:03 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-17 06:03 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-17 06:03 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-17 06:02 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-07-17 02:48 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-17 02:29 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-07-16 07:43 - 2016-05-10 11:26 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi Picture Folder
2016-07-16 07:42 - 2009-01-19 21:11 - 00088728 _____ C:\Users\C&T Muhammad\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-16 06:56 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-15 22:07 - 2014-02-27 05:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-15 22:07 - 2013-03-28 13:34 - 00000258 __RSH C:\Users\C&T Muhammad\ntuser.pol
2016-07-15 22:07 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-07-15 21:38 - 2011-02-10 08:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS
2016-07-15 16:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\SchCache
2016-07-14 12:24 - 2015-09-23 18:42 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-14 12:24 - 2015-09-23 18:42 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-14 10:02 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-07-14 09:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-14 09:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-14 08:04 - 2008-11-05 17:03 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 15:03 - 2006-11-02 03:22 - 54935552 _____ C:\Windows\system32\config\software_previous
2016-07-13 15:00 - 2015-11-08 08:45 - 00000000 ____D C:\Program Files\Bonjour
2016-07-13 15:00 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-13 15:00 - 2013-10-30 15:28 - 00000000 ____D C:\ProgramData\MFAData
2016-07-13 15:00 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-13 15:00 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-13 15:00 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-07-13 15:00 - 2006-11-02 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-07-13 15:00 - 2006-11-02 03:22 - 30932992 _____ C:\Windows\system32\config\system_previous
2016-07-13 14:59 - 2016-03-31 15:10 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Research In Motion
2016-07-13 14:59 - 2016-03-28 22:58 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM
2016-07-13 14:59 - 2016-03-28 22:57 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Research In Motion
2016-07-13 14:59 - 2016-03-28 22:45 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2016-07-13 14:59 - 2016-03-16 05:37 - 00000000 ____D C:\ProgramData\AutoKMS
2016-07-13 14:59 - 2016-03-15 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-13 14:59 - 2016-02-01 15:01 - 00000000 ____D C:\Program Files\Zoodles
2016-07-13 14:59 - 2016-02-01 15:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-07-13 14:59 - 2015-11-08 08:50 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2016-07-13 14:59 - 2015-11-08 08:50 - 00000000 ____D C:\Program Files\iPod
2016-07-13 14:59 - 2015-11-08 08:38 - 00000000 ____D C:\Program Files\Apple Software Update
2016-07-13 14:59 - 2015-09-30 18:02 - 00000000 ____D C:\Program Files\MSECache
2016-07-13 14:59 - 2015-07-03 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-13 14:59 - 2015-02-27 09:09 - 00000000 ____D C:\Users\C&T Muhammad\Graboid
2016-07-13 14:59 - 2015-02-27 09:01 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Graboid Inc
2016-07-13 14:59 - 2015-02-13 02:30 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Fuze Box
2016-07-13 14:59 - 2015-01-08 14:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-13 14:59 - 2014-10-31 07:51 - 00000000 ____D C:\Users\C&T Muhammad\AppData\LocalLow\Google
2016-07-13 14:59 - 2014-09-07 08:00 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Downloadius_S.A.R.L
2016-07-13 14:59 - 2014-08-24 18:44 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\EurekaLab s.a.s
2016-07-13 14:59 - 2014-08-16 05:01 - 00000000 ____D C:\ProgramData\Oracle
2016-07-13 14:59 - 2014-07-18 03:21 - 00000000 ____D C:\Program Files\Dropbox
2016-07-13 14:59 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-13 14:59 - 2014-05-09 00:59 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-07-13 14:59 - 2011-10-15 14:01 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\ElevatedDiagnostics
2016-07-13 14:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-07-13 14:59 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-13 14:45 - 2006-11-02 03:22 - 43511808 _____ C:\Windows\system32\config\components_previous
2016-07-13 14:45 - 2006-11-02 03:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2016-07-13 13:42 - 2006-11-02 03:22 - 01515520 _____ C:\Windows\system32\config\default_previous
2016-07-13 13:42 - 2006-11-02 03:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2016-07-11 21:00 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-07-11 12:50 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-07-10 21:39 - 2013-10-30 15:34 - 00000000 ___HD C:\$AVG
2016-07-10 21:38 - 2013-10-30 15:33 - 00000000 ____D C:\Program Files\AVG
2016-07-10 20:17 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-07-08 17:21 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-07-08 04:58 - 2012-05-21 10:34 - 00000000 ____D C:\Users\C&T Muhammad\AppData\LocalLow\Temp
2016-07-07 12:58 - 2009-01-19 21:12 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Google
2016-07-07 12:58 - 2008-11-05 17:15 - 00000000 ____D C:\Program Files\Google
2016-07-06 18:19 - 2009-10-02 16:29 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-07-11 12:50 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-17 06:22
 
==================== End of FRST.txt ============================


#34
novicecomputergirl

    Member

  • Topic Starter
  • Member
  • 25 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2016 02
Ran by C&T Muhammad (2016-07-17 06:42:11)
Running from C:\Users\C&T Muhammad\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.5 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe 
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6E9B3878-76B1-4108-840E-0EB6D1B147CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-14] (AVAST Software)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9D6972DC-EC86-4093-AA53-06F1D33E7055} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C7B0BC51-9318-4C81-90E6-B37B2DB2E48D} - System32\Tasks\SafeZone scheduled Autoupdate 1468506618 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
 
ShortcutWithArgument: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Fuze Meeting .lnk -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze
ShortcutWithArgument: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fuze Meeting\Fuze Meeting .lnk -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2016-07-15 19:32 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
 
==================== Restore Points =========================
 
22-06-2016 03:03:33 Windows Update
23-06-2016 18:49:10 Windows Update
24-06-2016 03:00:12 Windows Update
24-06-2016 06:23:41 Removed Zoodles
25-06-2016 03:06:11 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2016 06:39:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2016 06:39:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2016 06:38:51 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/17/2016 06:17:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2016 06:17:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2016 06:17:10 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/17/2016 02:07:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).
 
Error: (07/17/2016 02:07:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (07/17/2016 02:07:38 AM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an 
application's installer or uninstaller.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (07/17/2016 12:00:25 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).
 
 
System errors:
=============
Error: (07/17/2016 06:43:11 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.
 
Error: (07/17/2016 06:43:10 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.
 
Error: (07/17/2016 06:38:54 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (07/17/2016 06:38:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/17/2016 06:38:44 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/17/2016 06:32:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswVmm
spldr
Wanarpv6
 
Error: (07/17/2016 06:32:02 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Firewall5 (0x5)
 
Error: (07/17/2016 06:31:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21
 
Error: (07/17/2016 06:24:52 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x8007043c
 
Error description: This service cannot be started in Safe Mode 
 
Reason: %%858
 
Error: (07/17/2016 06:24:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Microsoft Antimalware Service1150001Restart the service
 
 
CodeIntegrity:
===================================
  Date: 2016-07-17 06:41:26.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 06:41:26.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 06:41:26.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 06:41:25.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 05:55:02.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 05:55:02.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 05:55:01.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 05:55:00.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 05:54:59.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 05:54:59.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 19%
Total physical RAM: 3062.45 MB
Available physical RAM: 2472.45 MB
Total Virtual: 6325.19 MB
Available Virtual: 5959.5 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:110.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS
Drive h: (TONI-RAE'S) (Removable) (Total:14.71 GB) (Free:14.18 GB) FAT32
Drive o: (OS) (Network) (Total:217.83 GB) (Free:110.62 GB) NTFS
Drive z: (OS) (Network) (Total:217.83 GB) (Free:110.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

#35
novicecomputergirl

    Member

For a minute there my computer was loading fine and only Microsoft (Outlook) seemed to be corrupt. However, when the computer reboots now, it goes back to the black screen, stuck and not starting properly?

Thank you again for your help and patience with me. I will await your response as I know you are traveling.


#36
RKinner

    Malware Expert

Black screen is usually a problem with the video driver.  See if it will boot into the Low Resolution Video option in the Safe Mode menu.  Or perhaps Safe Mode with Networking.  If it works in Safe Mode with Networking you can go into msconfig, go to the Startup tab and uncheck everything.  OK and reboot.  If it doesn't run faster then go back into msconfig and recheck the things you turned off.  If it helps then go back and turn on a few items each time until you find the culprit.

 

Error: (07/17/2016 06:43:11 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.

 

 

This is your D drive.  To run Check disk:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. D:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer? Click Yes to schedule the disk check, and restart.

 

I'm not sure why it should even be looking at Recovery.  Sometimes people make the mistake of setting up backups and pointing the backups at Recovery.  There is no room in Recovery for backups.  This explains how to set up backups.  Make sure you are not pointing the backups to the D: drive.

