FRST.exe - needing help to run the process

Malware Removal


#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

You posted the fixlist and not the fixlog.  Let's try again.

 

You need to download the fixlist.txt file to your desktop since that's where FRST is running from:  C:\Users\C&T Muhammad\Desktop

 

Attached File  fixlist.txt   20.4KB   27 downloads

 

Then right click on FRST and Run As Admin.

 

When FRST comes up click on FIX not SCAN.

 

It will probably reboot.  There should be a fixlog.txt on your desktop.  That's what I want to see.  Go ahead and put it in a Reply.

 

Then go back and right click on FRST and run as admin.  Check the Addition.txt box then Hit Scan.  You should get two logs.  Post them both.

 

 


  • 0



#17
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

I will be running the AVAST scan overnight as suggested then will post the text from the log tomorrow.

 

Thank you!


  • 0

#18
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

I am having a bit of trouble running the avast scan in safe mode with networking. It tells me that "an unexpected error has occurred on the server" ??

 

It is not allowing me to run any scans.


  • 0

#19
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

I tried installing AVG -protection - will this work as an alternate to AVAST?

 

When I try to scan, it only gives me a command prompt screen to start (I believe because I'm in safe mode with networking). Please advise.


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

AVG is not as good as Avast.  Try running the fixlist from my last post then see if AVAST is happy.


  • 0

#21
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

This is what I received:

6:26 AM 7/11/2016

CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION 
CMD: sc config winmgmt start= disabled /y
CMD: net stop winmgmt
CMD: Ren \windows\System32\wbem\repository repository.old.
CMD: sc config winmgmt start= auto
CMD: net start winmgmt
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

  • 0
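
Added example (not part of the thread and not FRST's own code): the fixlist pasted above is a one-directive-per-line script, so it can be inventoried before Fix is clicked. This Python sketch groups the lines by directive, collects the entries FRST marked ATTENTION, and annotates each CMD line with what it does; the sample input is constructed, and the function names and the `CMD_EFFECTS` table are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the fixlist pasted above. The Task,
# registry and CMD lines are copied from that post; the CustomCLSID line is a
# made-up placeholder in the same shape.
SAMPLE_FIXLIST = r"""
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32 -> C:\Users\example\AppData\Local\Example\Update\psuser.dll => No File
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION
CMD: sc config winmgmt start= disabled /y
CMD: net stop winmgmt
CMD: Ren \windows\System32\wbem\repository repository.old.
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
"""

# Directive prefixes that appear in the fixlist on this page.
DIRECTIVE = re.compile(r"^(CustomCLSID|Task|Shortcut|CMD):\s*(.*)$")
# The marker is written with four or five '=' on this page.
ATTENTION = re.compile(r"<=+\s*ATTENTION")
# "No File": the entry points at a file that is no longer on disk.
MISSING = re.compile(r"No File")
REG_ROOTS = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")

# Effect of each kind of CMD line seen in this fixlist (first match wins).
CMD_EFFECTS = [
    (re.compile(r"\bsc\s+config\b", re.I), "changes a service's start type"),
    (re.compile(r"\bnet\s+stop\b", re.I), "stops a service"),
    (re.compile(r"\bnet\s+start\b", re.I), "starts a service"),
    (re.compile(r"^ren\b", re.I), "renames a file or directory"),
    (re.compile(r"\bwevtutil(\.exe)?\s+cl\b", re.I), "clears an event log"),
]


def parse_line(line):
    """Return (kind, body, flagged, missing_target) for one fixlist line."""
    line = line.strip()
    match = DIRECTIVE.match(line)
    if match:
        kind, body = match.group(1), match.group(2)
    elif line.upper().startswith(REG_ROOTS):
        kind, body = "Registry", line      # bare registry path, no prefix
    else:
        kind, body = "Other", line
    return kind, body, bool(ATTENTION.search(line)), bool(MISSING.search(line))


def describe_cmd(cmd):
    """Map a CMD: line to a short description of its effect."""
    for pattern, effect in CMD_EFFECTS:
        if pattern.search(cmd):
            return effect
    return "not in the table, read it by hand"


def inventory(text):
    """Summarise a fixlist: counts per directive, flagged entries, commands."""
    counts = Counter()
    flagged, commands, missing = [], [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        kind, body, is_flagged, is_missing = parse_line(raw)
        counts[kind] += 1
        if kind == "CMD":
            # CMD lines are run as shell commands by the fix, so list them all.
            commands.append((body, describe_cmd(body)))
            continue
        if is_flagged:
            flagged.append((kind, ATTENTION.sub("", body).strip()))
        if is_missing:
            missing += 1
    return {
        "counts": dict(counts),
        "flagged": flagged,
        "missing_targets": missing,
        "commands": commands,
    }


if __name__ == "__main__":
    report = inventory(SAMPLE_FIXLIST)
    print("Directives:", report["counts"])
    print("Entries whose target file is missing:", report["missing_targets"])
    print("Marked ATTENTION:")
    for kind, body in report["flagged"]:
        print(f"  [{kind}] {body}")
    print("Commands the fix will run:")
    for cmd, effect in report["commands"]:
        print(f"  {cmd}\n      -> {effect}")
```

The last CMD line in the fixlist clears every event log, so any log that needs to be kept has to be exported before the fix runs.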

#22
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Avast still not running properly. I went to control panel -> reinstall/uninstall programs for avast and chose fix. It did its thing and said that it was successful??

 

I'm not sure why it's not connecting to server?


  • 0

#23
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Also when I re-boot - normally I'm still getting the "Black screen" and cursor problem?


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
You need to download the fixlist.txt file to your desktop since that's where FRST is running from:  C:\Users\C&T Muhammad\Desktop
 
Attached File  fixlist.txt   20.4KB   30 downloads
 
Then right click on FRST and Run As Admin.
 
When FRST comes up click on FIX not SCAN.
 
It will probably reboot.  There should be a fixlog.txt on your desktop.  That's what I want to see.  Go ahead and put it in a Reply.
 
Then go back and right click on FRST and run as admin.  Check the Addition.txt box then Hit Scan.  You should get two logs.  Post them both.
 
Then try Avast.
 

  • 0

#25
novicecomputergirl

novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Fix result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by C&T Muhammad (2016-07-11 12:24:15) Run:4
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - \AmiUpdXp -> No File <==== ATTENTION
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - System32\Tasks\PerfMonitor_strtp => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - System32\Tasks\CodecUpdaterUpdaterRefreshTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => C:\ProgramData\CodecUpdate\ix_updater.exe6/profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PerfMonitor_strtp.job => C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION 
CMD: sc config winmgmt start= disabled /y
CMD: net stop winmgmt
CMD: Ren \windows\System32\wbem\repository repository.old.
CMD: sc config winmgmt start= auto
CMD: net start winmgmt
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
 
 
 
 
*****************
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => key not found. 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} => key not found. 
C:\Windows\System32\Tasks\PCSpeedCleanPRO_Start => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedCleanPRO_Start => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} => key not found. 
C:\Windows\System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{720E7400-BAA3-4675-959D-37A9DC5D9E39} => key not found. 
C:\Windows\System32\Tasks\PCSpeedCleanPRO_Popup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedCleanPRO_Popup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{729B3C78-77C6-4DDE-ADB0-95525A7F9E12} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{862BCDAE-47C9-4040-9E00-A85D0EA30C79} => key not found. 
C:\Windows\System32\Tasks\PerfMonitor_strtp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PerfMonitor_strtp => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A895A013-451F-4045-AC73-5E52387D88C7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD960298-1365-4A56-A3CC-07C610A84C4A} => key not found. 
C:\Windows\System32\Tasks\CodecUpdaterUpdaterRefreshTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodecUpdaterUpdaterRefreshTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D25B5541-139A-46D1-A41C-54529A668CC3} => key not found. 
C:\Windows\System32\Tasks\LaunchSignup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A35101-1932-4BC7-9647-5AE779BCC361} => key not found. 
C:\Windows\System32\Tasks\PCHelpers1st => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers1st => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED38A655-3466-43EC-9EF6-641B53A4617C} => key not found. 
C:\Windows\System32\Tasks\CodecUpdaterUpdaterLogonTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodecUpdaterUpdaterLogonTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} => key not found. 
C:\Windows\System32\Tasks\PCHelpers_period => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers_period => key not found. 
C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => not found.
C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job => not found.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => not found.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => not found.
C:\Windows\Tasks\PCHelpers1st.job => not found.
C:\Windows\Tasks\PCHelpers_period.job => not found.
C:\Windows\Tasks\PerfMonitor_strtp.job => not found.
C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => not found.
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File) => Error: No automatic fix found for this entry.
HKU\.DEFAULT\Software\Classes\.exe => key not found. 
 
========= sc config winmgmt start= disabled /y =========
 
DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...
 
OPTIONS:
NOTE: The option name includes the equal sign.
      A space is required between the equal sign and the value.
 type= <own|share|interact|kernel|filesys|rec|adapt>
 start= <boot|system|auto|demand|disabled|delayed-auto>
 error= <normal|severe|critical|ignore>
 binPath= <BinaryPathName>
 group= <LoadOrderGroup>
 tag= <yes|no>
 depend= <Dependencies(separated by / (forward slash))>
 obj= <AccountName|ObjectName>
 DisplayName= <display name>
 password= <password>
 
========= End ofCMD: =========
 
 
========= net stop winmgmt =========
 
The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.
 
 
========= End ofCMD: =========
 
 
========= Ren \windows\System32\wbem\repository repository.old. =========
 
A duplicate file name exists, or the file
cannot be found.
 
========= End ofCMD: =========
 
 
========= sc config winmgmt start= auto =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End ofCMD: =========
 
 
========= net start winmgmt =========
 
The Windows Management Instrumentation service is starting.
The Windows Management Instrumentation service was started successfully.
 
 
========= End ofCMD: =========
 
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
 
========= End ofCMD: =========
 
 
==== End of Fixlog 12:25:39 ====

#26
novicecomputergirl

    Member

  • Topic Starter
  • 25 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2016 01
Ran by C&T Muhammad (administrator) on OFFICE-PC (11-07-2016 12:27:20)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8897712 2016-07-10] (AVAST Software)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #0] => C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-10] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-10]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-10] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4092672 2016-06-29] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [890128 2016-06-21] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-06-29] (AVG Technologies CZ, s.r.o.)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-07-10] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-10] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-07-10] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-07-10] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-07-10] (AVAST Software)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [255744 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S0 avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-09] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-11 06:22 - 2016-07-11 06:28 - 00020926 _____ C:\Users\C&T Muhammad\Desktop\fixlist (1).txt
2016-07-10 21:40 - 2016-07-10 21:40 - 00000775 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-07-10 21:40 - 2016-07-10 21:40 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVG
2016-07-10 21:40 - 2016-07-10 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-10 21:36 - 2016-07-10 21:39 - 00000000 ____D C:\ProgramData\Avg
2016-07-10 21:35 - 2016-07-10 21:40 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Avg
2016-07-10 21:35 - 2016-07-10 21:37 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\AvgSetupLog
2016-07-10 21:22 - 2016-07-10 21:22 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-10 21:22 - 2016-07-10 21:22 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-10 21:22 - 2016-07-10 21:22 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-10 21:19 - 2016-07-10 21:23 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2016-07-10 21:19 - 2016-07-10 21:19 - 00000472 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1466360567.job
2016-07-10 20:30 - 2016-07-10 20:39 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\AvastSupport
2016-07-08 23:12 - 2016-07-10 21:46 - 00415744 _____ C:\Windows\ntbtlog.txt
2016-07-07 12:57 - 2016-07-11 12:25 - 00021105 _____ C:\Users\C&T Muhammad\Desktop\Fixlog.txt
2016-06-26 21:30 - 2016-07-11 12:27 - 00024972 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-06-26 21:30 - 2016-07-11 12:27 - 00000000 ____D C:\FRST
2016-06-26 21:30 - 2016-07-10 19:36 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\FRST-OlderVersion
2016-06-26 21:27 - 2016-07-10 19:36 - 01741312 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-24 17:08 - 2016-06-24 17:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-07-10 21:22 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:15 - 2016-06-19 11:15 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-06-19 11:14 - 2016-07-10 21:19 - 00001791 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:14 - 2016-06-19 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:12 - 2016-07-10 21:23 - 00438296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00222056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00091680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-07-10 21:22 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-06-19 09:48 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
2016-06-16 15:20 - 2016-06-16 15:20 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (2).zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid.zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (1).zip
2016-06-15 08:34 - 2016-06-15 08:34 - 00176894 _____ C:\Users\C&T Muhammad\Downloads\Ecosoc Notification Letter.pdf
2016-06-13 15:05 - 2016-06-13 15:06 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-10 21:49 - 2013-10-30 15:28 - 00000000 ____D C:\ProgramData\MFAData
2016-07-10 21:41 - 2011-02-10 08:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS
2016-07-10 21:41 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-07-10 21:39 - 2013-10-30 15:34 - 00000000 ___HD C:\$AVG
2016-07-10 21:38 - 2013-10-30 15:33 - 00000000 ____D C:\Program Files\AVG
2016-07-10 21:26 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-10 20:17 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-07-09 11:30 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-08 17:21 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-07-08 04:58 - 2012-05-21 10:34 - 00000000 ____D C:\Users\C&T Muhammad\AppData\LocalLow\Temp
2016-07-07 12:58 - 2009-01-19 21:12 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Google
2016-07-07 12:58 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-07-07 12:58 - 2008-11-05 17:15 - 00000000 ____D C:\Program Files\Google
2016-07-07 12:57 - 2006-11-02 04:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-26 13:19 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-26 11:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-25 16:38 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 11:44 - 2006-11-02 03:33 - 00756792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 10:33 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 09:44 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 08:06 - 2006-11-02 03:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-25 05:41 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-25 04:51 - 2015-07-03 14:02 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-25 04:51 - 2015-07-03 14:02 - 00001744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-25 04:49 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-24 17:09 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-24 06:18 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-06-24 06:18 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-06-23 22:27 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-23 19:15 - 2006-11-02 03:22 - 54263808 _____ C:\Windows\system32\config\software_previous
2016-06-23 19:15 - 2006-11-02 03:22 - 31457280 _____ C:\Windows\system32\config\system_previous
2016-06-23 19:14 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-23 19:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-06-23 19:05 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 42729472 _____ C:\Windows\system32\config\components_previous
2016-06-23 13:40 - 2006-11-02 03:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 11:18 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-18 12:44 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-06-16 17:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-16 17:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-16 08:43 - 2016-05-03 12:59 - 01569792 ____H C:\Users\C&T Muhammad\Desktop\~WRL1687.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3274.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3132.tmp
2016-06-16 07:14 - 2012-08-26 07:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\THINGS TO DO and Projects Working On
2016-06-16 07:12 - 2016-05-03 12:59 - 01570304 ____H C:\Users\C&T Muhammad\Desktop\~WRL0987.tmp
2016-06-15 13:29 - 2016-05-03 12:59 - 01526272 ____H C:\Users\C&T Muhammad\Desktop\~WRL1855.tmp
2016-06-15 13:07 - 2016-05-03 12:59 - 01308160 ____H C:\Users\C&T Muhammad\Desktop\~WRL2610.tmp
2016-06-15 13:03 - 2016-05-03 12:59 - 01216000 ____H C:\Users\C&T Muhammad\Desktop\~WRL2858.tmp
2016-06-13 14:18 - 2016-05-10 11:26 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi Picture Folder
2016-06-11 11:59 - 2016-05-03 12:59 - 01050624 ____H C:\Users\C&T Muhammad\Desktop\~WRL0546.tmp
2016-06-11 11:58 - 2016-05-03 12:59 - 00966144 ____H C:\Users\C&T Muhammad\Desktop\~WRL3251.tmp
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-07-10 21:41 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
 
Some files in TEMP:
====================
C:\Users\C&T Muhammad\AppData\Local\Temp\avg-0211b845-9cd4-486c-8242-a95a88ca003d.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-11 10:05
 
==================== End of FRST.txt ============================

#27
novicecomputergirl

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by C&T Muhammad (2016-07-11 12:28:24)
Running from C:\Users\C&T Muhammad\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
AVG (Version: 16.91.7688 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.91.7688 - AVG Technologies)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3786CD0D-2CF1-442C-83E8-53A57C9B8B27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-10] (AVAST Software)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe 
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1466360567.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=desktop&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=solimbav&subid=program&campid=vbi (No File)
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-13 11:30 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 11:30 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2016-07-08 23:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2016 12:26:27 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
 
 
System errors:
=============
 
CodeIntegrity:
===================================
  Date: 2016-07-11 12:27:44.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:43.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:43.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:42.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:35.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:34.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:34.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:34.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:33.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-11 12:27:33.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 32%
Total physical RAM: 3062.45 MB
Available physical RAM: 2061.7 MB
Total Virtual: 6327.15 MB
Available Virtual: 5583.26 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:87.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS
Drive h: (TONI-RAE'S) (Removable) (Total:14.71 GB) (Free:14.18 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================


#28
RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

We are having problems with WMI for some reason.  

 

I think we need to try Windows Repair all in one.
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it lets you choose what to repair.
 
Make sure all of these are checked before hitting Start:
 
 
Register System Files
Repair WMI
 
 
Reboot when done and run a FRST scan (with Addition.txt checked) and post both logs.


#29
novicecomputergirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 02
Ran by C&T Muhammad (administrator) on OFFICE-PC (15-07-2016 21:53:52)
Running from C:\Users\C&T Muhammad\Desktop
Loaded Profiles: C&T Muhammad (Available Profiles: C&T Muhammad)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-14] (AVAST Software)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Google Update] => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Dropbox Update] => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify Web Helper] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Run: [Spotify] => C:\Users\C&T Muhammad\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-05-19] (Spotify Ltd)
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {3c91c9be-d30f-11e3-b065-0021703901a5} - F:\setup.exe -a
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {b3cccb3c-44fc-11e5-9abc-0021703901a5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\MountPoints2: {f9770cbb-84cd-11de-8a6a-0021703901a5} - H:\start.exe
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-14] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-11-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File 
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{28AE79C2-D1A0-4CB7-9A73-B3B4F663F01D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{A2D144FB-D371-4306-8E0E-6A9708623BAD}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
URLSearchHook: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> Backup.Old.DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=amonetizetest1-ie&tb_uuid=A348D76AC1BB458096F267DFB266A97A&tb_oid=24-07-2013&tb_mrud=24-07-2013
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={1FC92D32-0098-474D-81BF-9431C416E9C6}&mid=f8e11bf0b67b47d3a8f5d16836dde856-21abf109ef5bea8ce7654c8962254f79c0936920&lang=en&ds=ts018&coid=avgtbdists&cmpid=&pr=sa&d=2013-10-30 15:41:46&v=18.0.0.248&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {C603FAF6-5718-4F44-840A-EC8BA0159093} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
SearchScopes: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> {E5020A0D-E981-4474-B2BE-19D4FB675838} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-14] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19] (Oracle Corporation)
Toolbar: HKLM - No Name - !{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll [2014-05-09] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-29] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @citrixonline.com/appdetectorplugin -> C:\Users\C&T Muhammad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @startmeeting.com/launcher -> C:\Users\C&T Muhammad\AppData\Local\SMPlugins\npsmlauncher.dll [2015-05-21] (Start Meeting)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @talk.google.com/O1DPlugin -> C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=3 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2243051797-3227929194-3452157988-1000: @tools.google.com/Google Update;version=9 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\user.js [2014-02-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\C&T Muhammad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\searchplugins\bingp.xml [2015-09-30]
FF Extension: Adblock Plus - C:\Users\C&T Muhammad\AppData\Roaming\Mozilla\Firefox\Profiles\vx5wbjwi.default-1384568325763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 => not found
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\C&T Muhammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-14] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S4 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-14] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-07-14] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-14] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-14] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-07-14] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-07-14] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-07-14] (AVAST Software)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [69120 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-05-26] (BlackBerry Limited)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-18] ()
S3 ATMFBUS; system32\DRIVERS\ATMFBUS.sys [X]
S3 ATMFCVsp; system32\DRIVERS\ATMFCVsp.sys [X]
S3 ATMFFLT; system32\DRIVERS\ATMFFLT.sys [X]
S3 ATMFMdm; system32\DRIVERS\ATMFMdm.sys [X]
S3 ATMFNET; system32\DRIVERS\ATMFNET.sys [X]
S3 ATMFNVsp; system32\DRIVERS\ATMFNVsp.sys [X]
S3 ATMFVsp; system32\DRIVERS\ATMFVsp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-15 21:43 - 2016-07-15 21:53 - 00027941 _____ C:\Users\C&T Muhammad\Desktop\FRST.txt
2016-07-15 21:41 - 2016-07-15 21:46 - 01741312 _____ (Farbar) C:\Users\C&T Muhammad\Desktop\FRST.exe
2016-07-15 19:05 - 2016-07-15 19:05 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OFFICE-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-07-15 19:05 - 2016-07-15 19:05 - 00000000 ____D C:\RegBackup
2016-07-15 19:03 - 2016-07-15 19:03 - 00005480 _____ C:\Users\C&T Muhammad\Desktop\Tweaking.com - Windows Repair - Pre-Scan.txt
2016-07-15 16:04 - 2016-07-15 16:04 - 00001914 _____ C:\Users\C&T Muhammad\Desktop\Tweaking.com - Windows Repair.lnk
2016-07-15 16:04 - 2016-07-15 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-07-15 16:03 - 2016-07-15 16:03 - 00000000 ____D C:\Program Files\Tweaking.com
2016-07-15 15:59 - 2016-07-15 16:05 - 00181338 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-07-15 15:37 - 2016-07-15 15:50 - 28923184 _____ (Tweaking.com) C:\Users\C&T Muhammad\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-07-14 10:05 - 2016-07-14 10:05 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-14 07:30 - 2016-07-14 07:30 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-07-14 04:41 - 2016-07-14 04:41 - 00354152 _____ C:\unp305310122863377426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00353611 _____ C:\unp305310122852613426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00353159 _____ C:\unp305310122858541426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00352585 _____ C:\unp305310122857449426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00352013 _____ C:\unp305310122859789426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00350944 _____ C:\unp305310122856357426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00350847 _____ C:\unp305310122855265426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00350109 _____ C:\unp305310122854173426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00349768 _____ C:\unp305310122861973426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00349747 _____ C:\unp305310122860881426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00348888 _____ C:\unp305310122851365426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00346785 _____ C:\unp305310122808465426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00345205 _____ C:\unp305310122807373426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00343530 _____ C:\unp305310122805969426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00338254 _____ C:\unp305310123090357426.mdmp
2016-07-14 04:41 - 2016-07-14 04:41 - 00335252 _____ C:\unp305310122636085426.mdmp
2016-07-14 04:40 - 2016-07-14 04:40 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-14 04:40 - 2016-07-14 04:40 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-14 04:40 - 2016-07-14 04:40 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-11 12:47 - 2016-07-11 12:47 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVAST Software
2016-07-10 21:40 - 2016-07-10 21:40 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\AVG
2016-07-10 21:36 - 2016-07-10 21:39 - 00000000 ____D C:\ProgramData\Avg
2016-07-10 21:35 - 2016-07-10 21:40 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Avg
2016-07-10 21:35 - 2016-07-10 21:37 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\AvgSetupLog
2016-07-10 20:30 - 2016-07-11 14:08 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\AvastSupport
2016-06-26 21:30 - 2016-07-15 21:53 - 00000000 ____D C:\FRST
2016-06-26 14:47 - 2016-06-26 12:07 - 54935552 _____ C:\Windows\system32\config\SOFTWARE.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 43511808 _____ C:\Windows\system32\config\COMPONENTS.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 30867456 _____ C:\Windows\system32\config\SYSTEM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 01515520 _____ C:\Windows\system32\config\DEFAULT.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00057344 _____ C:\Windows\system32\config\SAM.OLD
2016-06-26 14:47 - 2016-06-26 12:07 - 00028672 _____ C:\Windows\system32\config\SECURITY.OLD
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\cackup
2016-06-26 14:33 - 2016-06-26 14:33 - 00000000 ____D C:\Windows\system32\config\backup
2016-06-21 10:16 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet (2).pdf
2016-06-21 10:15 - 2016-06-21 10:16 - 00297020 _____ C:\Users\C&T Muhammad\Downloads\Entering 4th Grade Summer Math Packet.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\VS111.pdf
2016-06-20 04:57 - 2016-06-20 04:57 - 00235686 _____ C:\Users\C&T Muhammad\Downloads\1 App for Birth Record VS111.pdf
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-19 11:24 - 2016-06-19 11:24 - 00000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 11:19 - 2016-07-14 04:40 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-19 11:14 - 2016-07-13 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-19 11:14 - 2016-06-23 19:40 - 00001747 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-19 11:12 - 2016-07-14 07:58 - 00438296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00222056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00091680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-19 11:12 - 2016-07-14 04:40 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-19 11:05 - 2016-06-19 11:06 - 05066104 _____ (AVAST Software) C:\Users\C&T Muhammad\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-19 10:32 - 2016-06-19 10:32 - 00000000 ____D C:\ProgramData\dbg
2016-06-19 09:48 - 2016-07-13 14:59 - 00000000 ____D C:\Program Files\Common Files\Java
2016-06-18 18:35 - 2016-06-18 18:35 - 02535247 _____ C:\Users\C&T Muhammad\Downloads\NoDocument (1).pdf
2016-06-18 12:44 - 2016-06-18 12:44 - 225955043 _____ C:\Windows\MEMORY.DMP
2016-06-18 12:44 - 2016-06-18 12:44 - 00147560 _____ C:\Windows\Minidump\Mini061816-01.dmp
2016-06-16 15:20 - 2016-06-16 15:20 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (2).zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid.zip
2016-06-16 15:15 - 2016-06-16 15:15 - 00626217 _____ C:\Users\C&T Muhammad\Downloads\lexi stid (1).zip
2016-06-15 08:34 - 2016-06-15 08:34 - 00176894 _____ C:\Users\C&T Muhammad\Downloads\Ecosoc Notification Letter.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-15 21:40 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-07-15 21:40 - 2006-11-02 03:33 - 00748812 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-15 21:38 - 2011-02-10 08:28 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS
2016-07-15 21:36 - 2011-04-09 21:29 - 00656170 _____ C:\Windows\ntbtlog.txt
2016-07-15 21:36 - 2006-11-02 05:47 - 00349648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-15 16:12 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\SchCache
2016-07-15 16:10 - 2006-11-02 06:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-15 16:10 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-15 16:10 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-15 16:10 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-15 16:08 - 2015-07-03 12:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-15 16:06 - 2015-04-19 14:36 - 00000406 ____H C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job
2016-07-15 16:04 - 2013-11-16 04:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-15 16:03 - 2015-09-23 18:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-15 16:01 - 2015-06-23 13:50 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-07-15 15:26 - 2013-11-07 09:15 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job
2016-07-14 20:01 - 2015-06-23 13:50 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-07-14 18:26 - 2013-11-07 09:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job
2016-07-14 18:03 - 2015-09-23 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-14 15:33 - 2016-05-19 09:07 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Spotify
2016-07-14 15:32 - 2014-01-11 14:41 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Spotify
2016-07-14 12:24 - 2015-09-23 18:42 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-14 12:24 - 2015-09-23 18:42 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-14 10:02 - 2014-07-18 03:18 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Dropbox
2016-07-14 09:04 - 2013-11-16 04:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-14 09:04 - 2013-11-16 04:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-14 08:04 - 2008-11-05 17:03 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 15:03 - 2009-01-19 21:11 - 00000000 ____D C:\Users\C&T Muhammad
2016-07-13 15:03 - 2006-11-02 03:22 - 54935552 _____ C:\Windows\system32\config\software_previous
2016-07-13 15:00 - 2015-11-08 08:45 - 00000000 ____D C:\Program Files\Bonjour
2016-07-13 15:00 - 2015-07-03 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-13 15:00 - 2015-07-03 12:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-13 15:00 - 2013-10-30 15:28 - 00000000 ____D C:\ProgramData\MFAData
2016-07-13 15:00 - 2010-06-04 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-13 15:00 - 2009-11-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-13 15:00 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\ShellNew
2016-07-13 15:00 - 2006-11-02 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-07-13 15:00 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-07-13 15:00 - 2006-11-02 03:22 - 30932992 _____ C:\Windows\system32\config\system_previous
2016-07-13 14:59 - 2016-03-31 15:10 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Research In Motion
2016-07-13 14:59 - 2016-03-28 22:58 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM
2016-07-13 14:59 - 2016-03-28 22:57 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Research In Motion
2016-07-13 14:59 - 2016-03-28 22:45 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2016-07-13 14:59 - 2016-03-16 05:37 - 00000000 ____D C:\ProgramData\AutoKMS
2016-07-13 14:59 - 2016-03-15 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-13 14:59 - 2016-02-01 15:01 - 00000000 ____D C:\Program Files\Zoodles
2016-07-13 14:59 - 2016-02-01 15:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-07-13 14:59 - 2015-11-08 08:50 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2016-07-13 14:59 - 2015-11-08 08:50 - 00000000 ____D C:\Program Files\iPod
2016-07-13 14:59 - 2015-11-08 08:38 - 00000000 ____D C:\Program Files\Apple Software Update
2016-07-13 14:59 - 2015-09-30 18:02 - 00000000 ____D C:\Program Files\MSECache
2016-07-13 14:59 - 2015-07-03 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-13 14:59 - 2015-02-27 09:09 - 00000000 ____D C:\Users\C&T Muhammad\Graboid
2016-07-13 14:59 - 2015-02-27 09:01 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\Graboid Inc
2016-07-13 14:59 - 2015-02-13 02:30 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Fuze Box
2016-07-13 14:59 - 2015-01-08 14:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-13 14:59 - 2014-10-31 07:51 - 00000000 ____D C:\Users\C&T Muhammad\AppData\LocalLow\Google
2016-07-13 14:59 - 2014-09-07 08:00 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Downloadius_S.A.R.L
2016-07-13 14:59 - 2014-08-24 18:44 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Roaming\EurekaLab s.a.s
2016-07-13 14:59 - 2014-08-16 05:01 - 00000000 ____D C:\ProgramData\Oracle
2016-07-13 14:59 - 2014-07-18 03:21 - 00000000 ____D C:\Program Files\Dropbox
2016-07-13 14:59 - 2014-06-13 15:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-13 14:59 - 2014-05-09 00:59 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-07-13 14:59 - 2011-10-15 14:01 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\ElevatedDiagnostics
2016-07-13 14:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-07-13 14:59 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-13 14:45 - 2006-11-02 03:22 - 43511808 _____ C:\Windows\system32\config\components_previous
2016-07-13 14:45 - 2006-11-02 03:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2016-07-13 13:42 - 2006-11-02 03:22 - 01515520 _____ C:\Windows\system32\config\default_previous
2016-07-13 13:42 - 2006-11-02 03:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2016-07-11 21:00 - 2010-09-01 09:42 - 00000000 ____D C:\Windows\Minidump
2016-07-11 12:50 - 2009-04-29 13:31 - 00001356 _____ C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2016-07-10 21:39 - 2013-10-30 15:34 - 00000000 ___HD C:\$AVG
2016-07-10 21:38 - 2013-10-30 15:33 - 00000000 ____D C:\Program Files\AVG
2016-07-10 20:17 - 2016-05-26 19:03 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Zaahidah
2016-07-08 17:21 - 2013-08-20 07:12 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Homeschool
2016-07-08 04:58 - 2012-05-21 10:34 - 00000000 ____D C:\Users\C&T Muhammad\AppData\LocalLow\Temp
2016-07-07 12:58 - 2009-01-19 21:12 - 00000000 ____D C:\Users\C&T Muhammad\AppData\Local\Google
2016-07-07 12:58 - 2008-11-05 17:15 - 00000000 ____D C:\Program Files\Google
2016-06-26 13:07 - 2006-11-02 05:47 - 00187392 _____ C:\Windows\system32\umstartup.etl
2016-06-25 09:02 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-24 06:23 - 2012-07-04 09:51 - 00000000 ____D C:\Program Files\Yahoo!
2016-06-24 06:19 - 2016-03-26 09:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Conscious Graphic ART
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-06-23 19:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-06-23 19:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-21 19:38 - 2016-02-01 19:14 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\SimpleTrend System
2016-06-21 19:38 - 2015-12-11 04:52 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\Lexi ArmyROTC_ASU INFO
2016-06-19 11:18 - 2014-06-13 15:39 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 10:54 - 2009-09-18 11:15 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-06-19 09:51 - 2014-08-16 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-19 09:51 - 2010-10-01 12:36 - 00000000 ____D C:\Program Files\Java
2016-06-19 09:47 - 2015-12-11 11:25 - 00000000 ____D C:\Users\C&T Muhammad\.oracle_jre_usage
2016-06-19 09:45 - 2015-06-02 18:37 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-16 08:43 - 2016-05-03 12:59 - 01569792 ____H C:\Users\C&T Muhammad\Desktop\~WRL1687.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3274.tmp
2016-06-16 08:30 - 2016-05-03 12:59 - 01568256 ____H C:\Users\C&T Muhammad\Desktop\~WRL3132.tmp
2016-06-16 07:14 - 2012-08-26 07:23 - 00000000 ____D C:\Users\C&T Muhammad\Desktop\THINGS TO DO and Projects Working On
2016-06-16 07:12 - 2016-05-03 12:59 - 01570304 ____H C:\Users\C&T Muhammad\Desktop\~WRL0987.tmp
2016-06-15 13:29 - 2016-05-03 12:59 - 01526272 ____H C:\Users\C&T Muhammad\Desktop\~WRL1855.tmp
2016-06-15 13:07 - 2016-05-03 12:59 - 01308160 ____H C:\Users\C&T Muhammad\Desktop\~WRL2610.tmp
2016-06-15 13:03 - 2016-05-03 12:59 - 01216000 ____H C:\Users\C&T Muhammad\Desktop\~WRL2858.tmp
 
==================== Files in the root of some directories =======
 
2014-06-13 15:40 - 2014-06-14 11:00 - 0005265 _____ () C:\Users\C&T Muhammad\AppData\Roaming\callbanner.png
2011-06-15 06:16 - 2015-02-22 21:47 - 0018001 _____ () C:\Users\C&T Muhammad\AppData\Roaming\UserTile.png
2009-02-11 09:29 - 2009-03-02 21:51 - 0001468 _____ () C:\Users\C&T Muhammad\AppData\Roaming\wklnhst.dat
2009-04-29 13:31 - 2016-07-11 12:50 - 0001356 _____ () C:\Users\C&T Muhammad\AppData\Local\d3d9caps.dat
2009-02-11 14:46 - 2015-08-26 11:41 - 0231424 _____ () C:\Users\C&T Muhammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-11 14:55 - 2009-05-04 08:34 - 0008248 _____ () C:\Users\C&T Muhammad\AppData\Local\en.ini
2015-12-05 09:02 - 2015-12-05 09:02 - 0004096 ____H () C:\Users\C&T Muhammad\AppData\Local\keyfile3.drm
2015-06-27 19:34 - 2015-06-27 19:34 - 0000000 _____ () C:\Users\C&T Muhammad\AppData\Local\{F5BEE43F-0374-41C2-851C-243CD3D16C21}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-15 21:51
 
==================== End of FRST.txt ============================


#30
novicecomputergirl

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2016 02
Ran by C&T Muhammad (2016-07-15 21:54:38)
Running from C:\Users\C&T Muhammad\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-11-05 17:52:58)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243051797-3227929194-3452157988-500 - Administrator - Disabled)
C&T Muhammad (S-1-5-21-2243051797-3227929194-3452157988-1000 - Administrator - Enabled) => C:\Users\C&T Muhammad
Guest (S-1-5-21-2243051797-3227929194-3452157988-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon MP240 series User Registration (HKLM\...\Canon MP240 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponBridge (HKLM\...\{434F6E75-E8E7-46FA-9037-1D46FAC61ED1}) (Version: 1.0.5 - CouponFactory, LLC) <==== ATTENTION
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DriverUpdate (HKLM\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Fuze Web Installer (HKLM\...\{114c4a6b-dd6c-47d9-9639-de36f18ea7e4}) (Version: 14.12.22716.0 - FuzeBox)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Graboid Video (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
Graboid Video 3.21 (HKLM\...\Graboid Video) (Version: 3.21 - Graboid Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LeapFrog LeapReader Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (Version: 5.2.4.18512 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 4.0.0.19 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 4.0.0.19 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 6.0 (x86 en-US) (HKLM\...\Mozilla Firefox 6.0 (x86 en-US)) (Version: 6.0 - Mozilla)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PictureMover (HKLM\...\{8E9D71EC-A34B-4af8-A320-34891813DE34}) (Version: 3.4.1.15 - Hewlett-Packard Company)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StartMeeting (HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\StartMeeting) (Version: 1.4.7954.1001 - Start Meeting LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.5 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Zoodles (HKLM\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe ()
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1285BC55-FC9B-4B0D-813C-92F5ED1A960C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA77315-56E6-4B66-BB78-1A8BA64A8CDA} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {1F46C5D4-F14B-4DA3-9E68-5EA9C5A46168} - \Funmoods -> No File <==== ATTENTION
Task: {2BDFC3BF-59C4-4B71-AC97-0B1CB6940632} - System32\Tasks\{9D9E481C-AF45-4DAF-BA6D-4D8D6FBCC887} => pcalua.exe -a "C:\Users\C&amp;T Muhammad\AppData\Local\Temp\Reinstal\media_player_setup[1].exe" -d C:\Users\C&amp;TMUH~1\AppData\Local\Temp\Reinstal\ -c /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1B1Y0M1P1Q1L1TtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB
Task: {3786CD0D-2CF1-442C-83E8-53A57C9B8B27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-14] (AVAST Software)
Task: {4803D706-EACD-4839-88C6-8E13BCB31F27} - System32\Tasks\avastBCLRestartS-1-5-21-2243051797-3227929194-3452157988-1000 => Chrome.exe 
Task: {49ABE083-581E-4BDF-BA2E-2C5BD0B3C310} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-03-26] (Siber Systems)
Task: {51EC7DDF-9ADC-4688-B80D-A3CF5C74DF00} - System32\Tasks\SafeZone scheduled Autoupdate 1468506618 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {53A1E83C-B5F0-4410-B13B-1D80D8492BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6584C4B6-D36A-4A37-8173-8AF5CC063D91} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71BCC9A9-62F2-42BB-8707-3DA4B47598D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {720E7400-BAA3-4675-959D-37A9DC5D9E39} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files\PC Speed Clean PRO\Splash.exe
Task: {729B3C78-77C6-4DDE-ADB0-95525A7F9E12} - no filepath
Task: {72FB8449-A6CD-41B4-B673-530748814F87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {85B89FE3-04B9-4C21-A094-ACC411BBC4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {862BCDAE-47C9-4040-9E00-A85D0EA30C79} - no filepath
Task: {9D6972DC-EC86-4093-AA53-06F1D33E7055} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {A7E57A72-2C5F-4BCA-A41E-948E84E23570} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A85DAAF7-1586-4856-BF12-17861B4B56D8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {A895A013-451F-4045-AC73-5E52387D88C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {B2763B78-064A-4324-BF9F-D4BE2B7BC1AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2A7718C-31BE-4147-8793-7A0BC1A1DC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {C9254798-23AA-4387-BD4B-9E52632F1574} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD960298-1365-4A56-A3CC-07C610A84C4A} - no filepath
Task: {D0B4881A-58B4-4FAA-AB3C-1C9F328CF1BA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-18] (PC-Doctor, Inc.)
Task: {D25B5541-139A-46D1-A41C-54529A668CC3} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9A35101-1932-4BC7-9647-5AE779BCC361} - no filepath
Task: {ED38A655-3466-43EC-9EF6-641B53A4617C} - System32\Tasks\CodecUpdaterUpdaterLogonTask => C:\ProgramData\CodecUpdate\ix_updater.exe <==== ATTENTION
Task: {EDDD7BD2-0CF7-4704-B209-1F1344EB6234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {F045A6E6-4D87-496A-8674-E526334A1413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7917915-5179-4748-8926-5D398B66CB9F} - System32\Tasks\SafeZone scheduled Autoupdate 1466360567 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {FCF04EBF-4017-43F5-9A03-A2DED160299F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FE8E9FF9-6D5F-4D61-9552-C8DEF1D2FBD4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2243051797-3227929194-3452157988-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FECBCDAD-AF72-453B-A7E8-958F0B3C9F91} - no filepath
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job => C:\ProgramData\CodecUpdate\[email protected]/schedule /profilepath C:\ProgramData\CodecUpdate\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000Core.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2243051797-3227929194-3452157988-1000UA.job => C:\Users\C&T Muhammad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AC4E15DC-E56F-4AF0-8146-FC7692F56C37}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
 
ShortcutWithArgument: C:\Users\C&T Muhammad\Desktop\DESKTOP ITEMS\Fuze Meeting .lnk -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze
ShortcutWithArgument: C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fuze Meeting\Fuze Meeting .lnk -> C:\Users\C&T Muhammad\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\...\e-tmm.com -> hxxp://h36.e-tmm.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2016-07-15 19:32 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243051797-3227929194-3452157988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\C&T Muhammad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^C&T Muhammad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
 
==================== Restore Points =========================
 
22-06-2016 03:03:33 Windows Update
23-06-2016 18:49:10 Windows Update
24-06-2016 03:00:12 Windows Update
24-06-2016 06:23:41 Removed Zoodles
25-06-2016 03:06:11 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2016 09:38:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/15/2016 09:38:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/15/2016 09:37:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/15/2016 07:35:26 PM) (Source: LoadPerf) (EventID: 3009) (User: )
Description: .NET CLR Networking 4.0.0.02
 
Error: (07/15/2016 07:35:26 PM) (Source: LoadPerf) (EventID: 3009) (User: )
Description: .NET Data Provider for Oracle2
 
Error: (07/15/2016 07:33:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
Error: (07/15/2016 07:33:53 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/15/2016 07:33:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
Error: (07/15/2016 07:33:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/15/2016 07:32:51 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (07/15/2016 09:55:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.
 
Error: (07/15/2016 09:55:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume RECOVERY.
 
Error: (07/15/2016 09:46:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (07/15/2016 09:37:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/15/2016 09:37:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (07/15/2016 09:37:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/15/2016 09:37:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/15/2016 09:37:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswVmm
MpFilter
spldr
Wanarpv6
 
Error: (07/15/2016 09:37:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Firewall5 (0x5)
 
Error: (07/15/2016 09:36:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21
 
 
CodeIntegrity:
===================================
  Date: 2016-07-15 21:54:01.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 21:54:01.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 21:54:01.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 21:54:00.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 14:35:46.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 14:35:41.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 10:08:48.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 10:08:47.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 10:08:47.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 10:08:46.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 24%
Total physical RAM: 3062.45 MB
Available physical RAM: 2300.91 MB
Total Virtual: 6327.15 MB
Available Virtual: 5845.76 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:112.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.85 GB) NTFS
Drive o: (OS) (Network) (Total:217.83 GB) (Free:112.83 GB) NTFS
Drive z: (OS) (Network) (Total:217.83 GB) (Free:112.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
