Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Invalid external drive H:/ and f:/ keep popping up in explorer

external drive pop up explorer.exe

  • Please log in to reply

#1
Evelyn Smith

Evelyn Smith

    New Member

  • Member
  • Pip
  • 4 posts

Hi,

After I used 2 different cameras that I plugged into my USB drive, I keep having explorer.exe popping up their drive names saying "F:/ or H:/ The directory name is invalid." I can't even close the windows because hundreds are popping up over and over and I can't even do anything unless I end explorer.exe task. This isn't my computer but my husband likes to dabble in music sample websites so it could have come from there. I have no idea. I also noticed that anytime I use a process that can enable the "always on top" feature. ex. Task manager, the screen starts flashing. I really think it's either a hack or a virus. If it's a virus, it's definitely responding to everything I do.

 

Here is my FRST.txt file:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016

Ran by ALLAH is UP (administrator) on ALLAHISUP-PC (30-06-2016 23:52:55)

Running from C:\Users\ALLAH is UP\Downloads

Loaded Profiles: ALLAH is UP (Available Profiles: ALLAH is UP & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()

HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)

HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\RunOnce: [Uninstall C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-11-07]

ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

Startup: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch ShareMouse.lnk [2015-12-31]

ShortcutTarget: Launch ShareMouse.lnk ->  (No File)

Startup: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2015-12-05]

ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61

Tcpip\..\Interfaces\{198b4aa9-9dc7-4069-a127-c7186133f369}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Tcpip\..\Interfaces\{bf9f04bb-c5eb-494c-9375-71bc1da463d8}: [DhcpNameServer] 209.18.47.62 209.18.47.61

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

HKU\S-1-5-21-436150743-3596999183-3093125189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-436150743-3596999183-3093125189-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-31] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-31] ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-17]

CHR Extension: (Google Docs) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-17]

CHR Extension: (Google Drive) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]

CHR Extension: (YouTube) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]

CHR Extension: (Adblock Plus) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-28]

CHR Extension: (Google Search) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]

CHR Extension: (Google Sheets) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-17]

CHR Extension: (Google Docs Offline) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]

CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-06-07]

CHR Extension: (Online For Disconnect) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbbibfnbfeolainmnliccbfipijonao [2015-11-17]

CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-06-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]

CHR Extension: (Gmail) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-17]

CHR Extension: (Ad.Block Plus) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppokofpeodofmocjcgjamemiiddhjpbe [2015-11-17]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)

S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)

S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)

S3 NetcamStudioSvc64; C:\Program Files\Netcam Studio - 64-bit\NetcamStudio.Service.exe [4051264 2016-01-06] (Moonware Studios)

R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]

S4 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)

S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5653736 2015-12-07] (RealVNC Ltd)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)

R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)

S3 DGUSBAP; C:\Windows\system32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)

R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)

S3 MBX2DFU; C:\Windows\SYSTEM32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)

R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )

S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2016-01-28] (Macrovision Europe Ltd) [File not signed]

R3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2015-11-21] (Windows ® Win 7 DDK provider)

R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-21] (Windows ® Win 7 DDK provider)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

U3 idsvc; no ImagePath

U3 swmidi; no ImagePath

U3 wpcsvc; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-06-30 00:00 - 2016-06-30 00:01 - 00045425 _____ C:\Users\ALLAH is UP\Downloads\Addition.txt

2016-06-29 23:58 - 2016-06-30 23:52 - 00019882 _____ C:\Users\ALLAH is UP\Downloads\FRST.txt

2016-06-29 23:58 - 2016-06-30 23:52 - 00000000 ____D C:\FRST

2016-06-29 23:57 - 2016-06-29 23:57 - 02390016 _____ (Farbar) C:\Users\ALLAH is UP\Downloads\FRST64.exe

2016-06-29 23:10 - 2016-06-30 23:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2016-06-19 16:40 - 2016-06-19 16:40 - 00373965 _____ C:\Users\ALLAH is UP\Downloads\012714.pdf

2016-06-09 04:45 - 2016-06-09 04:45 - 00000382 _____ C:\WINDOWS\Tasks\AVG-SSU_0616avz.job

2016-06-09 04:45 - 2016-06-09 04:45 - 00000000 ____D C:\ProgramData\Avg_Update_0616avz

2016-06-07 03:17 - 2016-06-07 03:18 - 00281404 _____ C:\WINDOWS\Minidump\060716-52046-01.dmp

2016-06-07 03:17 - 2016-06-07 03:17 - 00000000 ____D C:\WINDOWS\Minidump

2016-06-07 03:14 - 2016-06-29 21:18 - 00171579 _____ C:\WINDOWS\system32\DICoInst64.bak

2016-06-07 03:13 - 2010-10-09 13:53 - 00170584 _____ (EGOSYS, Inc.) C:\WINDOWS\system32\DICoInst64.dll

2016-06-07 03:12 - 2016-06-07 03:12 - 00000000 ____D C:\Program Files (x86)\TASCAM

2016-06-07 03:12 - 2011-01-08 06:44 - 00103512 _____ C:\WINDOWS\SysWOW64\US800Asio32.dll

2016-06-07 03:11 - 2016-06-07 03:11 - 02722289 _____ C:\Users\ALLAH is UP\Downloads\us800_win_v1_0_8_20110107.zip

2016-06-06 22:18 - 2016-06-06 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-06-30 23:14 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-06-30 18:44 - 2015-11-07 16:42 - 00000000 ____D C:\ProgramData\MFAData

2016-06-30 16:50 - 2015-12-26 15:57 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-06-30 16:50 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF

2016-06-30 16:49 - 2016-01-15 15:17 - 02407736 _____ C:\WINDOWS\ntbtlog.txt

2016-06-29 21:35 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-06-29 21:19 - 2015-12-26 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-06-29 21:03 - 2015-12-26 15:58 - 00000000 ____D C:\Users\ALLAH is UP

2016-06-29 21:03 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2016-06-29 13:53 - 2016-02-20 21:26 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk

2016-06-29 13:53 - 2015-11-07 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen

2016-06-28 03:35 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2016-06-25 21:45 - 2015-11-17 18:08 - 00002281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-06-25 21:42 - 2015-11-17 16:42 - 00000288 _____ C:\WINDOWS\Tasks\UpdateTask.job

2016-06-25 21:41 - 2015-11-17 17:10 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

2016-06-25 21:41 - 2015-11-07 15:51 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-06-25 21:40 - 2015-12-05 10:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-06-23 04:36 - 2016-01-05 18:35 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Local\RealVNC

2016-06-21 22:15 - 2015-11-17 17:10 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

2016-06-21 22:05 - 2015-11-07 15:51 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-06-14 22:37 - 2015-11-07 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2016-06-14 21:47 - 2015-12-26 16:54 - 00002431 _____ C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-06-14 21:47 - 2015-12-26 16:54 - 00000000 ___RD C:\Users\ALLAH is UP\OneDrive

2016-06-14 21:29 - 2016-03-29 13:21 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Local\Windows Live

2016-06-07 03:37 - 2015-11-17 18:20 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

2016-06-07 03:17 - 2015-12-26 15:51 - 00194224 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-06-07 03:17 - 2015-11-20 12:17 - 327445488 _____ C:\WINDOWS\MEMORY.DMP

2016-06-06 22:18 - 2015-11-17 17:10 - 00000000 ____D C:\Program Files (x86)\Dropbox

 

==================== Files in the root of some directories =======

 

2015-11-21 03:20 - 2015-12-26 17:21 - 0031460 _____ () C:\Users\ALLAH is UP\AppData\Roaming\VoiceMeeterDefault.xml

 

Some files in TEMP:

====================

C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081040707190.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081193459123.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081216923614.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081449743922.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081800841901.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_08872103858.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\exeE981.tmp.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\GLF23A9.tmp.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\GLF9DA.tmp.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\GLFCBFC.tmp.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\GLFE1F3.tmp.exe

C:\Users\ALLAH is UP\AppData\Local\Temp\GLFE326.tmp.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-06-13 22:17

 

==================== End of FRST.txt ============================

 

Now here is my addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016

Ran by ALLAH is UP (2016-06-30 00:00:46)
Running from C:\Users\ALLAH is UP\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-26 23:26:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-436150743-3596999183-3093125189-500 - Administrator - Disabled)
ALLAH is UP (S-1-5-21-436150743-3596999183-3093125189-1000 - Administrator - Enabled) => C:\Users\ALLAH is UP
DefaultAccount (S-1-5-21-436150743-3596999183-3093125189-503 - Limited - Disabled)
Guest (S-1-5-21-436150743-3596999183-3093125189-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-436150743-3596999183-3093125189-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Antares Tube v1.0 (HKLM-x32\...\Antares Tube v1.0) (Version:  - )
Arturia CS-80V v1.2 (HKLM-x32\...\Arturia CS-80V v1.2) (Version:  - )
Arturia Minimoog V v1.0 (HKLM-x32\...\Arturia Minimoog V v1.0) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG (Version: 16.81.7640 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
AVG Zen (Version: 1.72.1 - AVG Technologies) Hidden
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
BassGrinder version 1.0.4 (HKLM\...\BassGrinder_is1) (Version: 1.0.4 - )
Cakewalk Rapture 1.2 (HKLM\...\Cakewalk Rapture_is1) (Version: 1.2 - Cakewalk Music Software)
CANTOR 2 (HKLM-x32\...\{0EF0223B-1EE2-4D79-8668-9E1FE7E23C50}) (Version: 2.0.0 - VirSyn Software Synthesizer)
Classic Drum Machines Volume 1.0 (HKLM-x32\...\Classic Drum Machines Expansion Pack_is1) (Version:  - Arturia)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
CUBE 2 (HKLM-x32\...\CUBE 2) (Version: 2.2 - VirSyn Software Synthesizer)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
DUNE 1.35 (HKLM-x32\...\DUNE_is1) (Version:  - Synapse Audio Software)
DVM_IPCam2Setup version 1.0 (HKLM-x32\...\{679D432E-006C-4371-B190-884997A55280}_is1) (Version: 1.0 - ipcam)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.6.2.0 - Telerik)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FXpansion Bloom (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Bloom) (Version: 1.0.0.5 - FXpansion Audio UK Ltd)
FXpansion Etch (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Etch) (Version: 1.0.0.6 - FXpansion Audio UK Ltd)
FXpansion Maul (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Maul) (Version: 1.0.1.2 - FXpansion Audio UK Ltd)
FXpansion Tremor (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Tremor) (Version: 1.0.0.6 - FXpansion Audio UK Ltd)
Gladiator  full (HKLM-x32\...\Tone2 Gladiator full_is1) (Version:  - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version:  - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{5D9EB565-39CB-4C8E-BF3B-CB8880A61404}) (Version: 12.1.258 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
IPCMonitor_en version 1.0.1.7 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.7 - IPCMonitor, Inc.)
iSpy (64 bit) (HKLM\...\{37E90B7A-5567-4369-8281-3753B490B04C}) (Version: 6.5.0.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{193e83ec-4ab5-44dc-9d86-fe858f8521ff}) (Version: 6.5.0.0 - DeveloperInABox)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kinisis 1.0 (HKLM-x32\...\{AF68E62A-159C-4B08-97D1-101303A4857A}_is1) (Version:  - Progress Audio)
Lennar Digital Sylenth VSTi v1.2.1 (HKLM-x32\...\Lennar Digital Sylenth VSTi v1.2.1) (Version:  - )
LUXONIX Ravity(S) v1.4 (HKLM-x32\...\LUXONIX Ravity(S) v1.4) (Version:  - )
ManyCam 5.1.0 (HKLM-x32\...\ManyCam) (Version: 5.1.0 - Visicom Media Inc.)
M-Audio Drum and Bass Rig 1.0.0 (HKLM-x32\...\M-Audio Drum and Bass Rig_is1) (Version:  - M-Audio. A part of Avid.)
M-Audio Key Rig 1.0.0 (HKLM-x32\...\M-Audio Key Rig_is1) (Version:  - M-Audio. A part of Avid.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Absynth 4 (HKLM-x32\...\Native Instruments Absynth 4) (Version:  - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS (HKLM-x32\...\Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS) (Version:  - )
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Pro-53 (HKLM-x32\...\Native Instruments Pro-53) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nero 9 Essentials (HKLM-x32\...\{cab2e8d7-08e4-42d2-a676-ddf729a26522}) (Version:  - Nero AG)
Netcam Studio - 64-bit (HKLM\...\Netcam Studio - 64-bit 1.2.8.0) (Version: 1.2.8.0 - Moonware)
Netcam Studio - 64-bit (Version: 1.2.8.0 - Moonware) Hidden
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Nuklear VST2 1.1.2 (HKLM-x32\...\Nuklear VST2) (Version: 1.1.2 - Hamburg Audio)
Paltalk Messenger  11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.630.17743 - AVM Software Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Proteus VX (HKLM-x32\...\Proteus VX) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Renoise 2.8.0 (HKLM-x32\...\Renoise_is1) (Version: 2.8.0 - Renoise)
Renoise 2.8.0 (x64) (HKLM\...\Renoise (x64)_is1) (Version: 2.8.0 - Renoise)
Rob Papen Punch 64 Bits 1.0.3 (HKLM-x32\...\Rob Papen Punch_is1) (Version:  - Rob Papen)
Sonic Charge Synplant VST (HKLM-x32\...\Sonic Charge Synplant VST) (Version: 1.0 - NuEdge Development)
Sound-Record Waspy LE VSTi 1.3 (HKLM-x32\...\{F70701D1-C08C-4FFD-9324-870DD65BB829}_is1) (Version:  - Sound-record LP)
Sugar Bytes Turnado 1.0.1 (HKLM\...\Turnado_is1) (Version: 1.0.1 - Sugar Bytes)
SynthMaster 2.6 VST/VSTi/RTAS/AAX Software Synthesizer version 2.6.21 (HKLM-x32\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.6.21 - KV331 Audio)
TrancerOne Vers. 1.0 (HKLM-x32\...\TrancerOne_is1) (Version:  - sonic at work)
US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version:  - )
VB:VST-Chorus Pack (HKLM-x32\...\VB:VST-Chorus Pack) (Version:  - )
VirSyn BARK VST RTAS v1.1.0 (HKLM-x32\...\VirSyn BARK VST RTAS_is1) (Version:  - )
VirSyn FDELAY VST RTAS v1.0.1 (HKLM-x32\...\VirSyn FDELAY VST RTAS_is1) (Version:  - )
VirSyn KLON VST RTAS v1.0.2 (HKLM-x32\...\VirSyn KLON VST RTAS_is1) (Version:  - )
VirSyn MATRIX VST RTAS v1.2.1 (HKLM-x32\...\VirSyn MATRIX VST RTAS_is1) (Version:  - )
VirSyn PRISM VST RTAS v1.1.0 (HKLM-x32\...\VirSyn PRISM VST RTAS_is1) (Version:  - )
Virsyn REFLECT VST RTAS v2.0 (HKLM-x32\...\Virsyn REFLECT VST RTAS_is1) (Version:  - )
VirSyn TDESIGN VST RTAS v1.0.1 (HKLM-x32\...\VirSyn TDESIGN VST RTAS_is1) (Version:  - )
Virsyn Tera VSTi RTAS v3.2.1 (HKLM-x32\...\Virsyn Tera VSTi RTAS_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Server 5.3.0 (HKLM\...\{9FC6D0C1-137D-4A03-9345-ACB9403BFF69}) (Version: 5.3.0.15303 - RealVNC Ltd)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Waves Mercury Bundle (HKLM-x32\...\Waves Mercury Bundle) (Version: 5.0 - Team AiR)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-436150743-3596999183-3093125189-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BAB6D9-A0A6-465A-BD4C-7B1EC4BF379A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {032DD79D-00A2-47E0-AB99-A38964AB69D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {13EF6CAE-E265-4AC9-ACAD-26EFBC5E2F2D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1627A9A6-4C16-4B12-B16C-2A1973FD59B8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {182E8B15-4510-41F8-A276-9D9599B1211B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {36DF9638-DB98-4A32-9ED4-A9AE508657F3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {37BC2206-1C22-4606-9C9A-284A30310CC0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3E20E961-4179-43D5-B714-C2C48CE28561} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {40452E42-A835-4799-963D-DB6424B6DC50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {41F978BC-C37E-4A7B-8C40-C3FA4BD17399} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53237B23-D28D-4B8C-924E-CA0B311760B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5E2187CA-9592-489F-84E1-CD350D24A7DC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5EE36781-6DCC-4124-BCE1-90A6B6AFDA73} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60083070-0A6F-4686-87EB-9C4B6683E825} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65118348-E7BF-4E88-9EEE-345FFF211258} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {668C29BA-D8A6-4C0C-BB82-8A846B27EC91} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {68A88857-F640-429A-9C37-5FAE8FE97CF7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {705F8C4B-EC21-4583-97B9-E6E8B1F18C93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {72088B4C-BBAF-4864-AA18-D79547098113} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {7F42C90B-C60E-4D14-928F-61A371AA7F03} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8029F1C5-42F0-4517-94D0-4295D82A01A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {83D52F0A-96DD-491F-8E11-EA82944FD331} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D23957D-4101-48AC-9EEC-39C8A8EF6BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {8F0B319B-A8D6-43A2-8B22-7DD90B0D1832} - System32\Tasks\UpdateTask => C:\Users\ALLAHI~1\AppData\Local\{E7AED~1\UNINST~1.EXE
Task: {96270EF1-40A2-4CEC-8893-95FC6FFFBCD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9C28E0CF-CE14-40AA-98FC-696A79020483} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A11794F4-2AB1-4AC7-B3AA-85C43188C2BA} - System32\Tasks\{0CEB6DD2-248A-417C-91F9-86341DB79200} => pcalua.exe -a "C:\Program Files (x86)\EA Games\Command &amp; Conquer Generals Zero Hour\generals.exe"
Task: {A1685AA1-1B80-404B-A64D-EF9D58C0FF93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B1770283-B4AE-4522-9313-306CA929BD71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8B04FD5-FDC7-45C6-81D6-426906A5B546} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BC13C75D-5921-4A93-B057-FC90CD12FC5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-16] (Microsoft Corporation)
Task: {BCC56878-F97A-45D0-A7D0-8850F5540190} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-31] (Adobe Systems Incorporated)
Task: {BCCD5116-D114-477C-B8A3-FF45DEB36CBD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {C141AF1E-C25A-4DA4-BC58-1D3700300340} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C56695FB-0A89-4161-8CFC-01DF8E0A8302} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7B182A5-5AA5-4217-A5DE-D5989A8131EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CC5B583C-4F75-49F6-A761-8E7AFAF613A6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DAF71117-E345-4907-87F6-FBC506D7D401} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {EEC6334F-6E8C-47FC-A59E-E7ABF61F34EE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F9D27511-78F7-4B62-8AC7-FE4239A60466} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-SSU_0616avz.job => C:\ProgramData\Avg_Update_0616avz\AVG-Secure-Search-Update_0616avz.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\ALLAHI~1\AppData\Local\{E7AED~1\UNINST~1.EXE
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk -> hxxp://www.paltalk.com/en/buy.shtml (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-07 15:42 - 2011-07-28 18:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2016-04-29 17:39 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-07 15:42 - 2011-07-28 18:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2010-08-04 05:40 - 2010-08-04 05:40 - 00611872 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2015-12-26 15:46 - 2015-12-26 15:46 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 19:16 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-14 21:47 - 2016-06-14 21:47 - 00959168 _____ () C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-11-07 15:42 - 2011-07-27 12:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2015-11-07 15:42 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2010-08-04 02:47 - 2010-08-04 02:47 - 00144896 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2015-11-07 16:41 - 2016-04-09 18:12 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-25 21:45 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-25 21:45 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: vncserver => 3
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{A619B1A5-A60C-4665-AE70-876ED719E989}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{52EF8013-FA6E-4726-9AA6-7C7D86723481}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{B6FF4486-8D56-4460-8C48-15E1E57BC8DD}C:\program files (x86)\image-line\minihost\minihostmodular.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular.exe
FirewallRules: [TCP Query User{721A12D3-2953-4CA3-8B25-CE3F93242221}C:\program files (x86)\image-line\minihost\minihostmodular.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular.exe
FirewallRules: [UDP Query User{0D3B9296-4EFF-44EA-A425-122B50F498CD}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [TCP Query User{5113E71B-0CC9-400B-8223-1459F81C5945}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [UDP Query User{197DF1DE-9F04-4F42-98CC-74230AA4A7EE}C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe
FirewallRules: [TCP Query User{2B2E1E0B-4AAA-465F-B329-E2AEC486E8C1}C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe
FirewallRules: [UDP Query User{542C93DF-3ECD-4576-90AA-932A87280F3B}C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [TCP Query User{A0CED2DA-FD83-4969-9514-3F613649F3B9}C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [{AA75ED7A-9EA1-4663-AB88-617C8BD91061}] => (Allow) C:\Users\ALLAH is UP\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{D45F929C-AE82-49F9-8D96-D01379D9C778}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [TCP Query User{66E23A53-2F2A-4879-9D70-EE59D953A10D}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [{D6BC31A1-2F40-47A4-BDF2-399AB349AD74}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9B4FA300-A6A8-451B-99A4-31FE24DC6A3F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E21626DD-B54B-41D2-AD72-62020D36F75F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{888096E0-4E13-4EB8-8911-1AB9001B6707}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E335A964-D45C-4881-988A-0B2230E9B392}] => (Allow) LPort=1900
FirewallRules: [{F6FD8472-D00E-498B-A807-A1C427D88395}] => (Allow) LPort=2869
FirewallRules: [{BF74D15D-4FFE-42CE-8324-8325A9C5A2BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A6389C21-A9F4-4F3F-A73F-E9132448BFE8}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{25251CBC-53F2-424E-9241-761DD34B76EA}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [TCP Query User{B0BBE7D0-8018-47F5-9240-DBA0762B25ED}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{C5061046-C0DA-4C37-89F2-53531A1C4954}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [{2271153B-757F-46F0-85EF-9FC00A3C9F6F}] => (Allow) C:\Program Files\Netcam Studio - 64-bit\NetcamStudio.Service.exe
FirewallRules: [{674048E0-F7B9-4F1A-9300-D71F7C3932D9}] => (Allow) LPort=8100
FirewallRules: [{1DD68E7D-CB0A-4BC3-A7C0-8241E559305C}] => (Allow) LPort=8124
FirewallRules: [{A9407BB6-5771-4288-8743-B3A57CF48E22}] => (Allow) C:\Program Files\Netcam Studio - 64-bit\NetcamStudioX.exe
FirewallRules: [TCP Query User{438BA469-68A5-4154-934E-B63CCE11C652}C:\program files\ispy\ispy.exe] => (Block) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{E441CEB6-B97B-4920-BA0F-A7C2933E6A9E}C:\program files\ispy\ispy.exe] => (Block) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{61719147-7A2F-436D-8119-17B18076186B}D:\bsearch_en.exe] => (Allow) D:\bsearch_en.exe
FirewallRules: [UDP Query User{6457032E-3C2A-4779-B3E9-19E70527A82A}D:\bsearch_en.exe] => (Allow) D:\bsearch_en.exe
FirewallRules: [{45566F61-67EC-4589-93CD-F1F9569E98B1}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{48478AE8-D1E2-4EE6-9992-A75BB2DC82EF}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{EECB82CB-D691-4DEC-BAD5-EA0C953A0895}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{5D7ADA48-73A1-451E-99A7-C12F0192AB02}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [TCP Query User{FAF4B238-7BCA-4DC4-A168-659DF53ABEB8}C:\program files (x86)\ipcmonitor_en\nvrplay.exe] => (Allow) C:\program files (x86)\ipcmonitor_en\nvrplay.exe
FirewallRules: [UDP Query User{6965B0C2-D1B8-42B6-8379-531073AF302C}C:\program files (x86)\ipcmonitor_en\nvrplay.exe] => (Allow) C:\program files (x86)\ipcmonitor_en\nvrplay.exe
FirewallRules: [TCP Query User{6B3FA95E-68F5-4AC7-A7B4-0080C2C9FBD9}C:\users\allah is up\desktop\bsearch_en.exe] => (Allow) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [UDP Query User{10F2E3A4-DEE0-43F2-A80F-639DFBC7456F}C:\users\allah is up\desktop\bsearch_en.exe] => (Allow) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [TCP Query User{9C84A8F9-6CEA-41A9-A2AD-C414E6A36CF9}C:\users\allah is up\desktop\bsearch_en.exe] => (Block) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [UDP Query User{7AD9DE2C-CA54-4397-9B26-3BE7B37DE3AC}C:\users\allah is up\desktop\bsearch_en.exe] => (Block) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [TCP Query User{43B75871-5126-4785-B5CD-C575F1D4C33C}D:\bsearch_en.exe] => (Block) D:\bsearch_en.exe
FirewallRules: [UDP Query User{F0847478-DE83-45E3-B82B-204A9BF46243}D:\bsearch_en.exe] => (Block) D:\bsearch_en.exe
FirewallRules: [{87193180-D153-4E1E-B5CE-98564DFD6FB5}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [TCP Query User{A610EE6D-6AE8-4BB0-BBF0-8402B788BC69}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{2A914FE8-783F-49A2-9A2E-8EC32305EDAC}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{5A7C9E70-D5FA-4F59-B5C7-685DC457C541}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DBD383A5-1B1E-403A-83DA-DCEE1FCBE54C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{FEECB766-3202-4A3A-900B-98530EF28104}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E89A2BFB-D765-462C-A7FB-20C25D53B522}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{F9694ED3-3CA8-4F9F-9598-586F10C0051B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A178A614-EE57-447B-ADBE-FAEB62506CC9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{70D2E06D-91BA-4494-A8BE-4CE51AB740FD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{93A2AF5E-FDB8-4E71-A727-48A028D94E39}C:\program files\realvnc\vnc server\vncserver.exe] => (Allow) C:\program files\realvnc\vnc server\vncserver.exe
FirewallRules: [UDP Query User{8FD247FF-8012-4E99-A51E-07869E5538B8}C:\program files\realvnc\vnc server\vncserver.exe] => (Allow) C:\program files\realvnc\vnc server\vncserver.exe
FirewallRules: [{2E8205F7-A4C6-44B0-9825-2BA1568367FF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{19966D90-3A99-48ED-81EA-6EFA5F9ED2B1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DBBE1BE6-58B5-4F50-AC76-F8FE9F280DAE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{9CBF694F-7046-48AF-8C88-9E8F29BED51A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{87EFE3FC-4445-4751-B655-625FABBAFBE3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6C810C98-E397-49F7-99CB-41F0344BFB28}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{16B2C784-CD4A-4DCE-91E4-A295857EDA50}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-05-2016 12:42:18 Scheduled Checkpoint
06-06-2016 21:48:35 Scheduled Checkpoint
13-06-2016 23:43:50 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2016 11:57:59 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-06-06T06:57:58Z. Error Code: 0x80040154.
 
Error: (06/29/2016 11:16:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:14:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000409
Fault offset: 0x000000000002144b
Faulting process id: 0x8d8
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Faulting package full name: svchost.exe_wuauserv4
Faulting package-relative application ID: svchost.exe_wuauserv5
 
Error: (06/29/2016 11:14:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.10586.0, time stamp: 0x5632d42c
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x37a0
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5
 
Error: (06/29/2016 11:14:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Manager service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Server service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Device Setup Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-05-21 16:42:19.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-16 18:19:28.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-06 20:19:53.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-03 16:23:17.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-31 01:43:15.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-16 20:47:29.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 21:50:01.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 12:06:42.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 14:07:39.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-12 11:56:48.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 82%
Total physical RAM: 2013.24 MB
Available physical RAM: 350.75 MB
Total Virtual: 4061.24 MB
Available Virtual: 2115.8 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:283.49 GB) (Free:187.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76CA7A7E)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP

I don't really see  any malware.  Expect that something like manycam or netcamstudio both of which run as services and are thus always running detected the cameras and are stupidly looking for them.  Try starting up the user interface for the programs and see if they are detecting the no-longer-there cameras.  Usually you can right click on the camera and Delete.

 

If that's not it you do have one task that I don't like:

 

Task: {8F0B319B-A8D6-43A2-8B22-7DD90B0D1832} - System32\Tasks\UpdateTask => C:\Users\ALLAHI~1\AppData\Local\{E7AED~1\UNINST~1.EXE

 

Can't see what it does.  Plus you have a lot of these running:

 

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

 

Also can't see what they are doing so come back if manycam &/or netcamstudio aren't the culprits.


  • 0

#3
Evelyn Smith

Evelyn Smith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

I deleted the {EZAED~1) folder completely. I tried running manycam and didn't see the cameras and I can't seem to start netcam studio so I don't know what else to do. I think I'll run it again and post it. I think I do have a virus because my mouse moves around the screen all the time without me doing anything. Please take a look at the new files and if possible give a more automated solution so I can make sure I'm taking care of the problems in the cleanest and best of ways.

 

NEW FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016

Ran by ALLAH is UP (administrator) on ALLAHISUP-PC (02-07-2016 22:43:17)
Running from C:\Users\ALLAH is UP\Downloads
Loaded Profiles: ALLAH is UP (Available Profiles: ALLAH is UP & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\Temp\239E2FF8-85A4-452B-BAF3-720FA12BD082\DismHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\RunOnce: [Uninstall C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-11-07]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch ShareMouse.lnk [2015-12-31]
ShortcutTarget: Launch ShareMouse.lnk ->  (No File)
Startup: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2015-12-05]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{198b4aa9-9dc7-4069-a127-c7186133f369}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{bf9f04bb-c5eb-494c-9375-71bc1da463d8}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-436150743-3596999183-3093125189-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-31] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-17]
CHR Extension: (Google Docs) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
CHR Extension: (YouTube) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]
CHR Extension: (Adblock Plus) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-02]
CHR Extension: (Google Search) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Google Sheets) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-06-07]
CHR Extension: (Online For Disconnect) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbbibfnbfeolainmnliccbfipijonao [2015-11-17]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Gmail) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-17]
CHR Extension: (Ad.Block Plus) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppokofpeodofmocjcgjamemiiddhjpbe [2015-11-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S3 NetcamStudioSvc64; C:\Program Files\Netcam Studio - 64-bit\NetcamStudio.Service.exe [4051264 2016-01-06] (Moonware Studios)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S4 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5653736 2015-12-07] (RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 DGUSBAP; C:\Windows\system32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 MBX2DFU; C:\Windows\SYSTEM32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2016-01-28] (Macrovision Europe Ltd) [File not signed]
R3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2015-11-21] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-21] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 swmidi; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-02 22:42 - 2016-07-02 22:42 - 00000000 ____D C:\Users\ALLAH is UP\Downloads\FRST-OlderVersion
2016-07-01 00:02 - 2016-07-01 00:02 - 00102200 _____ C:\Users\ALLAH is UP\Downloads\Shortcut.txt
2016-06-30 00:00 - 2016-06-30 00:01 - 00045425 _____ C:\Users\ALLAH is UP\Downloads\Addition.txt
2016-06-29 23:58 - 2016-07-02 22:43 - 00019614 _____ C:\Users\ALLAH is UP\Downloads\FRST.txt
2016-06-29 23:58 - 2016-07-02 22:43 - 00000000 ____D C:\FRST
2016-06-29 23:57 - 2016-07-02 22:42 - 02390016 _____ (Farbar) C:\Users\ALLAH is UP\Downloads\FRST64.exe
2016-06-29 23:10 - 2016-07-01 22:37 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-19 16:40 - 2016-06-19 16:40 - 00373965 _____ C:\Users\ALLAH is UP\Downloads\012714.pdf
2016-06-09 04:45 - 2016-06-09 04:45 - 00000382 _____ C:\WINDOWS\Tasks\AVG-SSU_0616avz.job
2016-06-09 04:45 - 2016-06-09 04:45 - 00000000 ____D C:\ProgramData\Avg_Update_0616avz
2016-06-07 03:17 - 2016-06-07 03:18 - 00281404 _____ C:\WINDOWS\Minidump\060716-52046-01.dmp
2016-06-07 03:17 - 2016-06-07 03:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-07 03:14 - 2016-07-02 13:51 - 00174284 _____ C:\WINDOWS\system32\DICoInst64.bak
2016-06-07 03:13 - 2010-10-09 13:53 - 00170584 _____ (EGOSYS, Inc.) C:\WINDOWS\system32\DICoInst64.dll
2016-06-07 03:12 - 2016-06-07 03:12 - 00000000 ____D C:\Program Files (x86)\TASCAM
2016-06-07 03:12 - 2011-01-08 06:44 - 00103512 _____ C:\WINDOWS\SysWOW64\US800Asio32.dll
2016-06-07 03:11 - 2016-06-07 03:11 - 02722289 _____ C:\Users\ALLAH is UP\Downloads\us800_win_v1_0_8_20110107.zip
2016-06-06 22:18 - 2016-06-06 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-02 22:42 - 2015-12-26 15:57 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-02 22:42 - 2015-11-17 16:42 - 00000288 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-07-02 22:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-02 22:42 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-02 22:41 - 2015-12-26 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-02 22:41 - 2015-11-17 17:10 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-02 22:41 - 2015-11-07 15:51 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 22:39 - 2015-12-05 10:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-02 22:37 - 2016-01-15 15:17 - 02426780 _____ C:\WINDOWS\ntbtlog.txt
2016-07-02 22:36 - 2015-11-07 16:42 - 00000000 ____D C:\ProgramData\MFAData
2016-07-02 22:35 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-02 22:29 - 2015-11-07 16:01 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Roaming\ManyCam
2016-06-29 21:35 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-29 21:03 - 2015-12-26 15:58 - 00000000 ____D C:\Users\ALLAH is UP
2016-06-29 13:53 - 2016-02-20 21:26 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-06-29 13:53 - 2015-11-07 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-06-28 03:35 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-25 21:45 - 2015-11-17 18:08 - 00002281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-23 04:36 - 2016-01-05 18:35 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Local\RealVNC
2016-06-21 22:15 - 2015-11-17 17:10 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-21 22:05 - 2015-11-07 15:51 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 22:37 - 2015-11-07 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-14 21:47 - 2015-12-26 16:54 - 00002431 _____ C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-14 21:47 - 2015-12-26 16:54 - 00000000 ___RD C:\Users\ALLAH is UP\OneDrive
2016-06-14 21:29 - 2016-03-29 13:21 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Local\Windows Live
2016-06-07 03:37 - 2015-11-17 18:20 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-07 03:17 - 2015-12-26 15:51 - 00194224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-07 03:17 - 2015-11-20 12:17 - 327445488 _____ C:\WINDOWS\MEMORY.DMP
2016-06-06 22:18 - 2015-11-17 17:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
 
==================== Files in the root of some directories =======
 
2015-11-21 03:20 - 2015-12-26 17:21 - 0031460 _____ () C:\Users\ALLAH is UP\AppData\Roaming\VoiceMeeterDefault.xml
 
Some files in TEMP:
====================
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081040707190.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081193459123.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081216923614.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081449743922.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081800841901.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_08872103858.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\exeE981.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLF23A9.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLF9DA.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLFCBFC.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLFE1F3.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLFE326.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-13 22:17
 
==================== End of FRST.txt ============================
 
NEW Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by ALLAH is UP (2016-06-30 00:00:46)
Running from C:\Users\ALLAH is UP\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-26 23:26:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-436150743-3596999183-3093125189-500 - Administrator - Disabled)
ALLAH is UP (S-1-5-21-436150743-3596999183-3093125189-1000 - Administrator - Enabled) => C:\Users\ALLAH is UP
DefaultAccount (S-1-5-21-436150743-3596999183-3093125189-503 - Limited - Disabled)
Guest (S-1-5-21-436150743-3596999183-3093125189-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-436150743-3596999183-3093125189-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Antares Tube v1.0 (HKLM-x32\...\Antares Tube v1.0) (Version:  - )
Arturia CS-80V v1.2 (HKLM-x32\...\Arturia CS-80V v1.2) (Version:  - )
Arturia Minimoog V v1.0 (HKLM-x32\...\Arturia Minimoog V v1.0) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG (Version: 16.81.7640 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
AVG Zen (Version: 1.72.1 - AVG Technologies) Hidden
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
BassGrinder version 1.0.4 (HKLM\...\BassGrinder_is1) (Version: 1.0.4 - )
Cakewalk Rapture 1.2 (HKLM\...\Cakewalk Rapture_is1) (Version: 1.2 - Cakewalk Music Software)
CANTOR 2 (HKLM-x32\...\{0EF0223B-1EE2-4D79-8668-9E1FE7E23C50}) (Version: 2.0.0 - VirSyn Software Synthesizer)
Classic Drum Machines Volume 1.0 (HKLM-x32\...\Classic Drum Machines Expansion Pack_is1) (Version:  - Arturia)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
CUBE 2 (HKLM-x32\...\CUBE 2) (Version: 2.2 - VirSyn Software Synthesizer)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
DUNE 1.35 (HKLM-x32\...\DUNE_is1) (Version:  - Synapse Audio Software)
DVM_IPCam2Setup version 1.0 (HKLM-x32\...\{679D432E-006C-4371-B190-884997A55280}_is1) (Version: 1.0 - ipcam)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.6.2.0 - Telerik)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FXpansion Bloom (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Bloom) (Version: 1.0.0.5 - FXpansion Audio UK Ltd)
FXpansion Etch (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Etch) (Version: 1.0.0.6 - FXpansion Audio UK Ltd)
FXpansion Maul (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Maul) (Version: 1.0.1.2 - FXpansion Audio UK Ltd)
FXpansion Tremor (HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\FXpansion Tremor) (Version: 1.0.0.6 - FXpansion Audio UK Ltd)
Gladiator  full (HKLM-x32\...\Tone2 Gladiator full_is1) (Version:  - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version:  - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{5D9EB565-39CB-4C8E-BF3B-CB8880A61404}) (Version: 12.1.258 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
IPCMonitor_en version 1.0.1.7 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.7 - IPCMonitor, Inc.)
iSpy (64 bit) (HKLM\...\{37E90B7A-5567-4369-8281-3753B490B04C}) (Version: 6.5.0.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{193e83ec-4ab5-44dc-9d86-fe858f8521ff}) (Version: 6.5.0.0 - DeveloperInABox)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kinisis 1.0 (HKLM-x32\...\{AF68E62A-159C-4B08-97D1-101303A4857A}_is1) (Version:  - Progress Audio)
Lennar Digital Sylenth VSTi v1.2.1 (HKLM-x32\...\Lennar Digital Sylenth VSTi v1.2.1) (Version:  - )
LUXONIX Ravity(S) v1.4 (HKLM-x32\...\LUXONIX Ravity(S) v1.4) (Version:  - )
ManyCam 5.1.0 (HKLM-x32\...\ManyCam) (Version: 5.1.0 - Visicom Media Inc.)
M-Audio Drum and Bass Rig 1.0.0 (HKLM-x32\...\M-Audio Drum and Bass Rig_is1) (Version:  - M-Audio. A part of Avid.)
M-Audio Key Rig 1.0.0 (HKLM-x32\...\M-Audio Key Rig_is1) (Version:  - M-Audio. A part of Avid.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Absynth 4 (HKLM-x32\...\Native Instruments Absynth 4) (Version:  - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS (HKLM-x32\...\Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS) (Version:  - )
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Pro-53 (HKLM-x32\...\Native Instruments Pro-53) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nero 9 Essentials (HKLM-x32\...\{cab2e8d7-08e4-42d2-a676-ddf729a26522}) (Version:  - Nero AG)
Netcam Studio - 64-bit (HKLM\...\Netcam Studio - 64-bit 1.2.8.0) (Version: 1.2.8.0 - Moonware)
Netcam Studio - 64-bit (Version: 1.2.8.0 - Moonware) Hidden
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Nuklear VST2 1.1.2 (HKLM-x32\...\Nuklear VST2) (Version: 1.1.2 - Hamburg Audio)
Paltalk Messenger  11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.630.17743 - AVM Software Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Proteus VX (HKLM-x32\...\Proteus VX) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Renoise 2.8.0 (HKLM-x32\...\Renoise_is1) (Version: 2.8.0 - Renoise)
Renoise 2.8.0 (x64) (HKLM\...\Renoise (x64)_is1) (Version: 2.8.0 - Renoise)
Rob Papen Punch 64 Bits 1.0.3 (HKLM-x32\...\Rob Papen Punch_is1) (Version:  - Rob Papen)
Sonic Charge Synplant VST (HKLM-x32\...\Sonic Charge Synplant VST) (Version: 1.0 - NuEdge Development)
Sound-Record Waspy LE VSTi 1.3 (HKLM-x32\...\{F70701D1-C08C-4FFD-9324-870DD65BB829}_is1) (Version:  - Sound-record LP)
Sugar Bytes Turnado 1.0.1 (HKLM\...\Turnado_is1) (Version: 1.0.1 - Sugar Bytes)
SynthMaster 2.6 VST/VSTi/RTAS/AAX Software Synthesizer version 2.6.21 (HKLM-x32\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.6.21 - KV331 Audio)
TrancerOne Vers. 1.0 (HKLM-x32\...\TrancerOne_is1) (Version:  - sonic at work)
US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version:  - )
VB:VST-Chorus Pack (HKLM-x32\...\VB:VST-Chorus Pack) (Version:  - )
VirSyn BARK VST RTAS v1.1.0 (HKLM-x32\...\VirSyn BARK VST RTAS_is1) (Version:  - )
VirSyn FDELAY VST RTAS v1.0.1 (HKLM-x32\...\VirSyn FDELAY VST RTAS_is1) (Version:  - )
VirSyn KLON VST RTAS v1.0.2 (HKLM-x32\...\VirSyn KLON VST RTAS_is1) (Version:  - )
VirSyn MATRIX VST RTAS v1.2.1 (HKLM-x32\...\VirSyn MATRIX VST RTAS_is1) (Version:  - )
VirSyn PRISM VST RTAS v1.1.0 (HKLM-x32\...\VirSyn PRISM VST RTAS_is1) (Version:  - )
Virsyn REFLECT VST RTAS v2.0 (HKLM-x32\...\Virsyn REFLECT VST RTAS_is1) (Version:  - )
VirSyn TDESIGN VST RTAS v1.0.1 (HKLM-x32\...\VirSyn TDESIGN VST RTAS_is1) (Version:  - )
Virsyn Tera VSTi RTAS v3.2.1 (HKLM-x32\...\Virsyn Tera VSTi RTAS_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Server 5.3.0 (HKLM\...\{9FC6D0C1-137D-4A03-9345-ACB9403BFF69}) (Version: 5.3.0.15303 - RealVNC Ltd)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Waves Mercury Bundle (HKLM-x32\...\Waves Mercury Bundle) (Version: 5.0 - Team AiR)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-436150743-3596999183-3093125189-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BAB6D9-A0A6-465A-BD4C-7B1EC4BF379A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {032DD79D-00A2-47E0-AB99-A38964AB69D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {13EF6CAE-E265-4AC9-ACAD-26EFBC5E2F2D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1627A9A6-4C16-4B12-B16C-2A1973FD59B8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {182E8B15-4510-41F8-A276-9D9599B1211B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {36DF9638-DB98-4A32-9ED4-A9AE508657F3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {37BC2206-1C22-4606-9C9A-284A30310CC0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3E20E961-4179-43D5-B714-C2C48CE28561} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {40452E42-A835-4799-963D-DB6424B6DC50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {41F978BC-C37E-4A7B-8C40-C3FA4BD17399} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53237B23-D28D-4B8C-924E-CA0B311760B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5E2187CA-9592-489F-84E1-CD350D24A7DC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5EE36781-6DCC-4124-BCE1-90A6B6AFDA73} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60083070-0A6F-4686-87EB-9C4B6683E825} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65118348-E7BF-4E88-9EEE-345FFF211258} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {668C29BA-D8A6-4C0C-BB82-8A846B27EC91} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {68A88857-F640-429A-9C37-5FAE8FE97CF7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {705F8C4B-EC21-4583-97B9-E6E8B1F18C93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {72088B4C-BBAF-4864-AA18-D79547098113} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {7F42C90B-C60E-4D14-928F-61A371AA7F03} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8029F1C5-42F0-4517-94D0-4295D82A01A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {83D52F0A-96DD-491F-8E11-EA82944FD331} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D23957D-4101-48AC-9EEC-39C8A8EF6BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {8F0B319B-A8D6-43A2-8B22-7DD90B0D1832} - System32\Tasks\UpdateTask => C:\Users\ALLAHI~1\AppData\Local\{E7AED~1\UNINST~1.EXE
Task: {96270EF1-40A2-4CEC-8893-95FC6FFFBCD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9C28E0CF-CE14-40AA-98FC-696A79020483} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A11794F4-2AB1-4AC7-B3AA-85C43188C2BA} - System32\Tasks\{0CEB6DD2-248A-417C-91F9-86341DB79200} => pcalua.exe -a "C:\Program Files (x86)\EA Games\Command &amp; Conquer Generals Zero Hour\generals.exe"
Task: {A1685AA1-1B80-404B-A64D-EF9D58C0FF93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B1770283-B4AE-4522-9313-306CA929BD71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8B04FD5-FDC7-45C6-81D6-426906A5B546} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BC13C75D-5921-4A93-B057-FC90CD12FC5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-16] (Microsoft Corporation)
Task: {BCC56878-F97A-45D0-A7D0-8850F5540190} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-31] (Adobe Systems Incorporated)
Task: {BCCD5116-D114-477C-B8A3-FF45DEB36CBD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {C141AF1E-C25A-4DA4-BC58-1D3700300340} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C56695FB-0A89-4161-8CFC-01DF8E0A8302} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C7B182A5-5AA5-4217-A5DE-D5989A8131EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CC5B583C-4F75-49F6-A761-8E7AFAF613A6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DAF71117-E345-4907-87F6-FBC506D7D401} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {EEC6334F-6E8C-47FC-A59E-E7ABF61F34EE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F9D27511-78F7-4B62-8AC7-FE4239A60466} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-SSU_0616avz.job => C:\ProgramData\Avg_Update_0616avz\AVG-Secure-Search-Update_0616avz.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\ALLAHI~1\AppData\Local\{E7AED~1\UNINST~1.EXE
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk -> hxxp://www.paltalk.com/en/buy.shtml (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-07 15:42 - 2011-07-28 18:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2016-04-29 17:39 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-07 15:42 - 2011-07-28 18:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2010-08-04 05:40 - 2010-08-04 05:40 - 00611872 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2015-12-26 15:46 - 2015-12-26 15:46 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 19:16 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-14 21:47 - 2016-06-14 21:47 - 00959168 _____ () C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-11-07 15:42 - 2011-07-27 12:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2015-11-07 15:42 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2010-08-04 02:47 - 2010-08-04 02:47 - 00144896 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2015-11-07 16:41 - 2016-04-09 18:12 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-25 21:45 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-25 21:45 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: vncserver => 3
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{A619B1A5-A60C-4665-AE70-876ED719E989}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{52EF8013-FA6E-4726-9AA6-7C7D86723481}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{B6FF4486-8D56-4460-8C48-15E1E57BC8DD}C:\program files (x86)\image-line\minihost\minihostmodular.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular.exe
FirewallRules: [TCP Query User{721A12D3-2953-4CA3-8B25-CE3F93242221}C:\program files (x86)\image-line\minihost\minihostmodular.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular.exe
FirewallRules: [UDP Query User{0D3B9296-4EFF-44EA-A425-122B50F498CD}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [TCP Query User{5113E71B-0CC9-400B-8223-1459F81C5945}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [UDP Query User{197DF1DE-9F04-4F42-98CC-74230AA4A7EE}C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe
FirewallRules: [TCP Query User{2B2E1E0B-4AAA-465F-B329-E2AEC486E8C1}C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular_x64.exe
FirewallRules: [UDP Query User{542C93DF-3ECD-4576-90AA-932A87280F3B}C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [TCP Query User{A0CED2DA-FD83-4969-9514-3F613649F3B9}C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [{AA75ED7A-9EA1-4663-AB88-617C8BD91061}] => (Allow) C:\Users\ALLAH is UP\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{D45F929C-AE82-49F9-8D96-D01379D9C778}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [TCP Query User{66E23A53-2F2A-4879-9D70-EE59D953A10D}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [{D6BC31A1-2F40-47A4-BDF2-399AB349AD74}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9B4FA300-A6A8-451B-99A4-31FE24DC6A3F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E21626DD-B54B-41D2-AD72-62020D36F75F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{888096E0-4E13-4EB8-8911-1AB9001B6707}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E335A964-D45C-4881-988A-0B2230E9B392}] => (Allow) LPort=1900
FirewallRules: [{F6FD8472-D00E-498B-A807-A1C427D88395}] => (Allow) LPort=2869
FirewallRules: [{BF74D15D-4FFE-42CE-8324-8325A9C5A2BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A6389C21-A9F4-4F3F-A73F-E9132448BFE8}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{25251CBC-53F2-424E-9241-761DD34B76EA}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [TCP Query User{B0BBE7D0-8018-47F5-9240-DBA0762B25ED}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{C5061046-C0DA-4C37-89F2-53531A1C4954}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [{2271153B-757F-46F0-85EF-9FC00A3C9F6F}] => (Allow) C:\Program Files\Netcam Studio - 64-bit\NetcamStudio.Service.exe
FirewallRules: [{674048E0-F7B9-4F1A-9300-D71F7C3932D9}] => (Allow) LPort=8100
FirewallRules: [{1DD68E7D-CB0A-4BC3-A7C0-8241E559305C}] => (Allow) LPort=8124
FirewallRules: [{A9407BB6-5771-4288-8743-B3A57CF48E22}] => (Allow) C:\Program Files\Netcam Studio - 64-bit\NetcamStudioX.exe
FirewallRules: [TCP Query User{438BA469-68A5-4154-934E-B63CCE11C652}C:\program files\ispy\ispy.exe] => (Block) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{E441CEB6-B97B-4920-BA0F-A7C2933E6A9E}C:\program files\ispy\ispy.exe] => (Block) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{61719147-7A2F-436D-8119-17B18076186B}D:\bsearch_en.exe] => (Allow) D:\bsearch_en.exe
FirewallRules: [UDP Query User{6457032E-3C2A-4779-B3E9-19E70527A82A}D:\bsearch_en.exe] => (Allow) D:\bsearch_en.exe
FirewallRules: [{45566F61-67EC-4589-93CD-F1F9569E98B1}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{48478AE8-D1E2-4EE6-9992-A75BB2DC82EF}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{EECB82CB-D691-4DEC-BAD5-EA0C953A0895}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{5D7ADA48-73A1-451E-99A7-C12F0192AB02}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [TCP Query User{FAF4B238-7BCA-4DC4-A168-659DF53ABEB8}C:\program files (x86)\ipcmonitor_en\nvrplay.exe] => (Allow) C:\program files (x86)\ipcmonitor_en\nvrplay.exe
FirewallRules: [UDP Query User{6965B0C2-D1B8-42B6-8379-531073AF302C}C:\program files (x86)\ipcmonitor_en\nvrplay.exe] => (Allow) C:\program files (x86)\ipcmonitor_en\nvrplay.exe
FirewallRules: [TCP Query User{6B3FA95E-68F5-4AC7-A7B4-0080C2C9FBD9}C:\users\allah is up\desktop\bsearch_en.exe] => (Allow) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [UDP Query User{10F2E3A4-DEE0-43F2-A80F-639DFBC7456F}C:\users\allah is up\desktop\bsearch_en.exe] => (Allow) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [TCP Query User{9C84A8F9-6CEA-41A9-A2AD-C414E6A36CF9}C:\users\allah is up\desktop\bsearch_en.exe] => (Block) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [UDP Query User{7AD9DE2C-CA54-4397-9B26-3BE7B37DE3AC}C:\users\allah is up\desktop\bsearch_en.exe] => (Block) C:\users\allah is up\desktop\bsearch_en.exe
FirewallRules: [TCP Query User{43B75871-5126-4785-B5CD-C575F1D4C33C}D:\bsearch_en.exe] => (Block) D:\bsearch_en.exe
FirewallRules: [UDP Query User{F0847478-DE83-45E3-B82B-204A9BF46243}D:\bsearch_en.exe] => (Block) D:\bsearch_en.exe
FirewallRules: [{87193180-D153-4E1E-B5CE-98564DFD6FB5}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [TCP Query User{A610EE6D-6AE8-4BB0-BBF0-8402B788BC69}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{2A914FE8-783F-49A2-9A2E-8EC32305EDAC}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{5A7C9E70-D5FA-4F59-B5C7-685DC457C541}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DBD383A5-1B1E-403A-83DA-DCEE1FCBE54C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{FEECB766-3202-4A3A-900B-98530EF28104}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E89A2BFB-D765-462C-A7FB-20C25D53B522}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{F9694ED3-3CA8-4F9F-9598-586F10C0051B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A178A614-EE57-447B-ADBE-FAEB62506CC9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{70D2E06D-91BA-4494-A8BE-4CE51AB740FD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{93A2AF5E-FDB8-4E71-A727-48A028D94E39}C:\program files\realvnc\vnc server\vncserver.exe] => (Allow) C:\program files\realvnc\vnc server\vncserver.exe
FirewallRules: [UDP Query User{8FD247FF-8012-4E99-A51E-07869E5538B8}C:\program files\realvnc\vnc server\vncserver.exe] => (Allow) C:\program files\realvnc\vnc server\vncserver.exe
FirewallRules: [{2E8205F7-A4C6-44B0-9825-2BA1568367FF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{19966D90-3A99-48ED-81EA-6EFA5F9ED2B1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DBBE1BE6-58B5-4F50-AC76-F8FE9F280DAE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{9CBF694F-7046-48AF-8C88-9E8F29BED51A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{87EFE3FC-4445-4751-B655-625FABBAFBE3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6C810C98-E397-49F7-99CB-41F0344BFB28}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{16B2C784-CD4A-4DCE-91E4-A295857EDA50}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-05-2016 12:42:18 Scheduled Checkpoint
06-06-2016 21:48:35 Scheduled Checkpoint
13-06-2016 23:43:50 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2016 11:57:59 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-06-06T06:57:58Z. Error Code: 0x80040154.
 
Error: (06/29/2016 11:16:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:14:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000409
Fault offset: 0x000000000002144b
Faulting process id: 0x8d8
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Faulting package full name: svchost.exe_wuauserv4
Faulting package-relative application ID: svchost.exe_wuauserv5
 
Error: (06/29/2016 11:14:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.10586.0, time stamp: 0x5632d42c
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x37a0
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5
 
Error: (06/29/2016 11:14:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/29/2016 11:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLAHisUP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Manager service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Server service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Device Setup Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/29/2016 11:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-05-21 16:42:19.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-16 18:19:28.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-06 20:19:53.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-03 16:23:17.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-31 01:43:15.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-16 20:47:29.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 21:50:01.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 12:06:42.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 14:07:39.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-12 11:56:48.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 82%
Total physical RAM: 2013.24 MB
Available physical RAM: 350.75 MB
Total Virtual: 4061.24 MB
Available Virtual: 2115.8 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:283.49 GB) (Free:187.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76CA7A7E)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP

OK.  This looks suspicious:

 

Failed to access process -> svchost.exe

 

Let's run some scans:

 

Download aswMBR.exe  to your desktop.
Right click on aswMBR.exe and Run As ADmin
uncheck trace disk IO calls
Change the Quickscan to C:\
 (Allow the Avast engine download if asked) Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 
 
Let's also try the bitdefender quickscan.
 
 
When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).
 
 
 
Kaspersky also has a scan.  http://www.kaspersky...free-virus-scan Don't have instructions for it but it should be easy to figure out.
 

  • 0

#5
Evelyn Smith

Evelyn Smith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

So things are getting worse. I got a blue screen of death with a watchdog error and when I restarted I the desktop won't start up. The background is there with no icons. 

 

my aswMBR.txt file:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software

Run date: 2016-07-04 21:44:50
-----------------------------
21:44:50.189    OS Version: Windows x64 6.2.9200 
21:44:50.204    Number of processors: 2 586 0x170A
21:44:50.204    ComputerName: ALLAHISUP-PC  UserName: ALLAH is UP
21:44:51.814    Initialize success
21:44:51.877    VM: initialized successfully
21:44:51.877    VM: Intel CPU supported 
21:45:02.041    VM: disk I/O atapi.sys
21:45:34.764    AVAST engine defs: 16070401
21:45:46.928    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
21:45:46.928    Disk 0 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
21:45:47.053    Disk 0 MBR read successfully
21:45:47.053    Disk 0 MBR scan
21:45:47.084    Disk 0 Windows 7 default MBR code
21:45:47.100    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14848 MB offset 2048
21:45:47.131    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 30410752
21:45:47.146    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290295 MB offset 30615552
21:45:47.162    Disk 0 scanning C:\WINDOWS\system32\drivers
21:45:59.368    Service scanning
21:46:25.124    Modules scanning
21:46:25.749    AVAST engine scan C:\
23:42:20.362    Disk 0 statistics 22768799/0/0 @ 2.01 MB/s
23:42:20.378    Scan finished successfully
23:44:58.936    Disk 0 MBR has been saved successfully to "C:\Users\ALLAH is UP\Downloads\MBR.dat"
23:44:58.952    The log file has been saved successfully to "C:\Users\ALLAH is UP\Downloads\aswMBR.txt"
 
it had the FixMBR button enabled.
 
eSet ran with no results and therefore there was no log file
 
Bitdefender Didn't even work  or install
I didn't find a kaspersky log file

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP

Copy the next line:

DISM /Online /Cleanup-Image /RestoreHealth

Open an Elevated Command Prompt (See: http://www.eightforu...indows-8-a.html )

 

Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.

 

When it finishes (takes about 15 minutes).

 

 Reboot.  

 

Open an Elevated Command Prompt again and type

sfc /scannow

and Hit Enter.  This takes about 10 minutes for the prompt to return.

 

Copy the next lne:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 

Hit Enter.  Now Type:

notepad \junk.txt

Hit Enter.  Notepad should open.  Copy the text and paste it into a reply.

 

Going to be away from the PC today.  Back this evening.


  • 0

#7
Evelyn Smith

Evelyn Smith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

I ran eset and got this from the log report: 

C:\Program Files (x86)\Paltalk Messenger\ApnOC.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting

 

Here is my log report from the most recent steps that were mentioned junk.txt:

2016-07-06 18:53:01, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:01, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:09, Info                  CSI    00000070 [SR] Verify complete
2016-07-06 18:53:09, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:09, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:17, Info                  CSI    000000d7 [SR] Verify complete
2016-07-06 18:53:17, Info                  CSI    000000d8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:17, Info                  CSI    000000d9 [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:25, Info                  CSI    0000013e [SR] Verify complete
2016-07-06 18:53:25, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:25, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:32, Info                  CSI    000001a5 [SR] Verify complete
2016-07-06 18:53:32, Info                  CSI    000001a6 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:32, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:40, Info                  CSI    0000020c [SR] Verify complete
2016-07-06 18:53:40, Info                  CSI    0000020d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:40, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:47, Info                  CSI    00000273 [SR] Verify complete
2016-07-06 18:53:48, Info                  CSI    00000274 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:48, Info                  CSI    00000275 [SR] Beginning Verify and Repair transaction
2016-07-06 18:53:55, Info                  CSI    000002da [SR] Verify complete
2016-07-06 18:53:55, Info                  CSI    000002db [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:53:55, Info                  CSI    000002dc [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:02, Info                  CSI    00000341 [SR] Verify complete
2016-07-06 18:54:02, Info                  CSI    00000342 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:02, Info                  CSI    00000343 [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:09, Info                  CSI    000003a8 [SR] Verify complete
2016-07-06 18:54:09, Info                  CSI    000003a9 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:09, Info                  CSI    000003aa [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:17, Info                  CSI    0000040f [SR] Verify complete
2016-07-06 18:54:17, Info                  CSI    00000410 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:17, Info                  CSI    00000411 [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:25, Info                  CSI    00000478 [SR] Verify complete
2016-07-06 18:54:25, Info                  CSI    00000479 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:25, Info                  CSI    0000047a [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:33, Info                  CSI    000004df [SR] Verify complete
2016-07-06 18:54:33, Info                  CSI    000004e0 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:33, Info                  CSI    000004e1 [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:41, Info                  CSI    00000546 [SR] Verify complete
2016-07-06 18:54:41, Info                  CSI    00000547 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:41, Info                  CSI    00000548 [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:48, Info                  CSI    000005ad [SR] Verify complete
2016-07-06 18:54:48, Info                  CSI    000005ae [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:48, Info                  CSI    000005af [SR] Beginning Verify and Repair transaction
2016-07-06 18:54:55, Info                  CSI    00000614 [SR] Verify complete
2016-07-06 18:54:55, Info                  CSI    00000615 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:54:55, Info                  CSI    00000616 [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:01, Info                  CSI    0000067b [SR] Verify complete
2016-07-06 18:55:01, Info                  CSI    0000067c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:01, Info                  CSI    0000067d [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:09, Info                  CSI    000006e2 [SR] Verify complete
2016-07-06 18:55:09, Info                  CSI    000006e3 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:09, Info                  CSI    000006e4 [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:18, Info                  CSI    00000749 [SR] Verify complete
2016-07-06 18:55:18, Info                  CSI    0000074a [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:18, Info                  CSI    0000074b [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:26, Info                  CSI    000007b0 [SR] Verify complete
2016-07-06 18:55:26, Info                  CSI    000007b1 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:26, Info                  CSI    000007b2 [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:33, Info                  CSI    00000817 [SR] Verify complete
2016-07-06 18:55:33, Info                  CSI    00000818 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:33, Info                  CSI    00000819 [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:41, Info                  CSI    0000087e [SR] Verify complete
2016-07-06 18:55:41, Info                  CSI    0000087f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:41, Info                  CSI    00000880 [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:49, Info                  CSI    000008e5 [SR] Verify complete
2016-07-06 18:55:49, Info                  CSI    000008e6 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:49, Info                  CSI    000008e7 [SR] Beginning Verify and Repair transaction
2016-07-06 18:55:56, Info                  CSI    0000094c [SR] Verify complete
2016-07-06 18:55:56, Info                  CSI    0000094d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:55:56, Info                  CSI    0000094e [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:03, Info                  CSI    000009b3 [SR] Verify complete
2016-07-06 18:56:03, Info                  CSI    000009b4 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:03, Info                  CSI    000009b5 [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:10, Info                  CSI    00000a1a [SR] Verify complete
2016-07-06 18:56:10, Info                  CSI    00000a1b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:10, Info                  CSI    00000a1c [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:19, Info                  CSI    00000a8b [SR] Verify complete
2016-07-06 18:56:19, Info                  CSI    00000a8c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:19, Info                  CSI    00000a8d [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:25, Info                  CSI    00000af2 [SR] Verify complete
2016-07-06 18:56:25, Info                  CSI    00000af3 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:25, Info                  CSI    00000af4 [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:31, Info                  CSI    00000b59 [SR] Verify complete
2016-07-06 18:56:31, Info                  CSI    00000b5a [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:31, Info                  CSI    00000b5b [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:38, Info                  CSI    00000bc7 [SR] Verify complete
2016-07-06 18:56:38, Info                  CSI    00000bc8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:38, Info                  CSI    00000bc9 [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:45, Info                  CSI    00000c31 [SR] Verify complete
2016-07-06 18:56:45, Info                  CSI    00000c32 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:45, Info                  CSI    00000c33 [SR] Beginning Verify and Repair transaction
2016-07-06 18:56:51, Info                  CSI    00000c98 [SR] Verify complete
2016-07-06 18:56:51, Info                  CSI    00000c99 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:56:51, Info                  CSI    00000c9a [SR] Beginning Verify and Repair transaction
2016-07-06 18:57:02, Info                  CSI    00000d1a [SR] Verify complete
2016-07-06 18:57:02, Info                  CSI    00000d1b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:57:02, Info                  CSI    00000d1c [SR] Beginning Verify and Repair transaction
2016-07-06 18:57:15, Info                  CSI    00000d8f [SR] Verify complete
2016-07-06 18:57:15, Info                  CSI    00000d90 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:57:15, Info                  CSI    00000d91 [SR] Beginning Verify and Repair transaction
2016-07-06 18:57:26, Info                  CSI    00000dfc [SR] Verify complete
2016-07-06 18:57:26, Info                  CSI    00000dfd [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:57:26, Info                  CSI    00000dfe [SR] Beginning Verify and Repair transaction
2016-07-06 18:57:35, Info                  CSI    00000e6e [SR] Verify complete
2016-07-06 18:57:35, Info                  CSI    00000e6f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:57:35, Info                  CSI    00000e70 [SR] Beginning Verify and Repair transaction
2016-07-06 18:57:46, Info                  CSI    00000edd [SR] Verify complete
2016-07-06 18:57:46, Info                  CSI    00000ede [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:57:46, Info                  CSI    00000edf [SR] Beginning Verify and Repair transaction
2016-07-06 18:57:57, Info                  CSI    00000f44 [SR] Verify complete
2016-07-06 18:57:58, Info                  CSI    00000f45 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:57:58, Info                  CSI    00000f46 [SR] Beginning Verify and Repair transaction
2016-07-06 18:58:07, Info                  CSI    00000fab [SR] Verify complete
2016-07-06 18:58:08, Info                  CSI    00000fac [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:58:08, Info                  CSI    00000fad [SR] Beginning Verify and Repair transaction
2016-07-06 18:58:14, Info                  CSI    00001012 [SR] Verify complete
2016-07-06 18:58:14, Info                  CSI    00001013 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:58:14, Info                  CSI    00001014 [SR] Beginning Verify and Repair transaction
2016-07-06 18:58:30, Info                  CSI    0000107e [SR] Verify complete
2016-07-06 18:58:30, Info                  CSI    0000107f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:58:30, Info                  CSI    00001080 [SR] Beginning Verify and Repair transaction
2016-07-06 18:58:45, Info                  CSI    0000112f [SR] Verify complete
2016-07-06 18:58:45, Info                  CSI    00001130 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:58:45, Info                  CSI    00001131 [SR] Beginning Verify and Repair transaction
2016-07-06 18:58:55, Info                  CSI    000011a8 [SR] Verify complete
2016-07-06 18:58:55, Info                  CSI    000011a9 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:58:55, Info                  CSI    000011aa [SR] Beginning Verify and Repair transaction
2016-07-06 18:59:09, Info                  CSI    0000128a [SR] Verify complete
2016-07-06 18:59:09, Info                  CSI    0000128b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:59:09, Info                  CSI    0000128c [SR] Beginning Verify and Repair transaction
2016-07-06 18:59:20, Info                  CSI    00001303 [SR] Verify complete
2016-07-06 18:59:20, Info                  CSI    00001304 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:59:20, Info                  CSI    00001305 [SR] Beginning Verify and Repair transaction
2016-07-06 18:59:30, Info                  CSI    00001377 [SR] Verify complete
2016-07-06 18:59:30, Info                  CSI    00001378 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:59:30, Info                  CSI    00001379 [SR] Beginning Verify and Repair transaction
2016-07-06 18:59:41, Info                  CSI    00001400 [SR] Verify complete
2016-07-06 18:59:41, Info                  CSI    00001401 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:59:41, Info                  CSI    00001402 [SR] Beginning Verify and Repair transaction
2016-07-06 18:59:52, Info                  CSI    0000147b [SR] Verify complete
2016-07-06 18:59:52, Info                  CSI    0000147c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 18:59:52, Info                  CSI    0000147d [SR] Beginning Verify and Repair transaction
2016-07-06 19:00:02, Info                  CSI    000014ed [SR] Verify complete
2016-07-06 19:00:02, Info                  CSI    000014ee [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:00:02, Info                  CSI    000014ef [SR] Beginning Verify and Repair transaction
2016-07-06 19:00:12, Info                  CSI    00001555 [SR] Verify complete
2016-07-06 19:00:12, Info                  CSI    00001556 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:00:12, Info                  CSI    00001557 [SR] Beginning Verify and Repair transaction
2016-07-06 19:00:23, Info                  CSI    000015c5 [SR] Verify complete
2016-07-06 19:00:23, Info                  CSI    000015c6 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:00:23, Info                  CSI    000015c7 [SR] Beginning Verify and Repair transaction
2016-07-06 19:00:33, Info                  CSI    00001648 [SR] Verify complete
2016-07-06 19:00:33, Info                  CSI    00001649 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:00:33, Info                  CSI    0000164a [SR] Beginning Verify and Repair transaction
2016-07-06 19:00:46, Info                  CSI    000016e4 [SR] Verify complete
2016-07-06 19:00:46, Info                  CSI    000016e5 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:00:46, Info                  CSI    000016e6 [SR] Beginning Verify and Repair transaction
2016-07-06 19:01:01, Info                  CSI    00001798 [SR] Verify complete
2016-07-06 19:01:01, Info                  CSI    00001799 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:01:01, Info                  CSI    0000179a [SR] Beginning Verify and Repair transaction
2016-07-06 19:01:16, Info                  CSI    0000184e [SR] Verify complete
2016-07-06 19:01:16, Info                  CSI    0000184f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:01:16, Info                  CSI    00001850 [SR] Beginning Verify and Repair transaction
2016-07-06 19:01:25, Info                  CSI    000018c0 [SR] Verify complete
2016-07-06 19:01:25, Info                  CSI    000018c1 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:01:25, Info                  CSI    000018c2 [SR] Beginning Verify and Repair transaction
2016-07-06 19:01:35, Info                  CSI    0000193a [SR] Verify complete
2016-07-06 19:01:35, Info                  CSI    0000193b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:01:35, Info                  CSI    0000193c [SR] Beginning Verify and Repair transaction
2016-07-06 19:01:47, Info                  CSI    000019fc [SR] Verify complete
2016-07-06 19:01:47, Info                  CSI    000019fd [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:01:47, Info                  CSI    000019fe [SR] Beginning Verify and Repair transaction
2016-07-06 19:01:55, Info                  CSI    00001a63 [SR] Verify complete
2016-07-06 19:01:55, Info                  CSI    00001a64 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:01:55, Info                  CSI    00001a65 [SR] Beginning Verify and Repair transaction
2016-07-06 19:02:02, Info                  CSI    00001aca [SR] Verify complete
2016-07-06 19:02:02, Info                  CSI    00001acb [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:02:02, Info                  CSI    00001acc [SR] Beginning Verify and Repair transaction
2016-07-06 19:02:14, Info                  CSI    00001b43 [SR] Verify complete
2016-07-06 19:02:14, Info                  CSI    00001b44 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:02:14, Info                  CSI    00001b45 [SR] Beginning Verify and Repair transaction
2016-07-06 19:02:23, Info                  CSI    00001bad [SR] Verify complete
2016-07-06 19:02:23, Info                  CSI    00001bae [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:02:23, Info                  CSI    00001baf [SR] Beginning Verify and Repair transaction
2016-07-06 19:02:33, Info                  CSI    00001c23 [SR] Verify complete
2016-07-06 19:02:33, Info                  CSI    00001c24 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:02:33, Info                  CSI    00001c25 [SR] Beginning Verify and Repair transaction
2016-07-06 19:02:47, Info                  CSI    00001ca7 [SR] Verify complete
2016-07-06 19:02:47, Info                  CSI    00001ca8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:02:47, Info                  CSI    00001ca9 [SR] Beginning Verify and Repair transaction
2016-07-06 19:02:57, Info                  CSI    00001d22 [SR] Verify complete
2016-07-06 19:02:57, Info                  CSI    00001d23 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:02:57, Info                  CSI    00001d24 [SR] Beginning Verify and Repair transaction
2016-07-06 19:03:09, Info                  CSI    00001dbc [SR] Verify complete
2016-07-06 19:03:09, Info                  CSI    00001dbd [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:03:09, Info                  CSI    00001dbe [SR] Beginning Verify and Repair transaction
2016-07-06 19:03:20, Info                  CSI    00001e50 [SR] Verify complete
2016-07-06 19:03:20, Info                  CSI    00001e51 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:03:20, Info                  CSI    00001e52 [SR] Beginning Verify and Repair transaction
2016-07-06 19:03:34, Info                  CSI    00001edb [SR] Verify complete
2016-07-06 19:03:34, Info                  CSI    00001edc [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:03:34, Info                  CSI    00001edd [SR] Beginning Verify and Repair transaction
2016-07-06 19:03:45, Info                  CSI    00001f51 [SR] Verify complete
2016-07-06 19:03:45, Info                  CSI    00001f52 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:03:45, Info                  CSI    00001f53 [SR] Beginning Verify and Repair transaction
2016-07-06 19:03:56, Info                  CSI    00001fc4 [SR] Verify complete
2016-07-06 19:03:56, Info                  CSI    00001fc5 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:03:56, Info                  CSI    00001fc6 [SR] Beginning Verify and Repair transaction
2016-07-06 19:04:19, Info                  CSI    00002093 [SR] Verify complete
2016-07-06 19:04:19, Info                  CSI    00002094 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:04:19, Info                  CSI    00002095 [SR] Beginning Verify and Repair transaction
2016-07-06 19:04:30, Info                  CSI    00002114 [SR] Verify complete
2016-07-06 19:04:30, Info                  CSI    00002115 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:04:30, Info                  CSI    00002116 [SR] Beginning Verify and Repair transaction
2016-07-06 19:04:40, Info                  CSI    00002185 [SR] Verify complete
2016-07-06 19:04:40, Info                  CSI    00002186 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:04:40, Info                  CSI    00002187 [SR] Beginning Verify and Repair transaction
2016-07-06 19:04:48, Info                  CSI    000021f0 [SR] Verify complete
2016-07-06 19:04:48, Info                  CSI    000021f1 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:04:48, Info                  CSI    000021f2 [SR] Beginning Verify and Repair transaction
2016-07-06 19:04:59, Info                  CSI    00002279 [SR] Verify complete
2016-07-06 19:04:59, Info                  CSI    0000227a [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:04:59, Info                  CSI    0000227b [SR] Beginning Verify and Repair transaction
2016-07-06 19:05:10, Info                  CSI    00002307 [SR] Verify complete
2016-07-06 19:05:10, Info                  CSI    00002308 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:05:10, Info                  CSI    00002309 [SR] Beginning Verify and Repair transaction
2016-07-06 19:05:19, Info                  CSI    00002375 [SR] Verify complete
2016-07-06 19:05:19, Info                  CSI    00002376 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:05:19, Info                  CSI    00002377 [SR] Beginning Verify and Repair transaction
2016-07-06 19:05:30, Info                  CSI    000023f2 [SR] Verify complete
2016-07-06 19:05:30, Info                  CSI    000023f3 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:05:30, Info                  CSI    000023f4 [SR] Beginning Verify and Repair transaction
2016-07-06 19:05:39, Info                  CSI    00002469 [SR] Verify complete
2016-07-06 19:05:39, Info                  CSI    0000246a [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:05:39, Info                  CSI    0000246b [SR] Beginning Verify and Repair transaction
2016-07-06 19:05:49, Info                  CSI    000024e4 [SR] Verify complete
2016-07-06 19:05:49, Info                  CSI    000024e5 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:05:49, Info                  CSI    000024e6 [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:02, Info                  CSI    0000257b [SR] Verify complete
2016-07-06 19:06:02, Info                  CSI    0000257c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:02, Info                  CSI    0000257d [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:12, Info                  CSI    000025f7 [SR] Verify complete
2016-07-06 19:06:13, Info                  CSI    000025f8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:13, Info                  CSI    000025f9 [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:21, Info                  CSI    0000265e [SR] Verify complete
2016-07-06 19:06:22, Info                  CSI    0000265f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:22, Info                  CSI    00002660 [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:32, Info                  CSI    000026d5 [SR] Verify complete
2016-07-06 19:06:32, Info                  CSI    000026d6 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:32, Info                  CSI    000026d7 [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:42, Info                  CSI    0000274d [SR] Verify complete
2016-07-06 19:06:42, Info                  CSI    0000274e [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:42, Info                  CSI    0000274f [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:51, Info                  CSI    000027b9 [SR] Verify complete
2016-07-06 19:06:51, Info                  CSI    000027ba [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:51, Info                  CSI    000027bb [SR] Beginning Verify and Repair transaction
2016-07-06 19:06:59, Info                  CSI    00002828 [SR] Verify complete
2016-07-06 19:06:59, Info                  CSI    00002829 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:06:59, Info                  CSI    0000282a [SR] Beginning Verify and Repair transaction
2016-07-06 19:07:12, Info                  CSI    000028a7 [SR] Verify complete
2016-07-06 19:07:12, Info                  CSI    000028a8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:07:12, Info                  CSI    000028a9 [SR] Beginning Verify and Repair transaction
2016-07-06 19:07:23, Info                  CSI    00002927 [SR] Verify complete
2016-07-06 19:07:23, Info                  CSI    00002928 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:07:23, Info                  CSI    00002929 [SR] Beginning Verify and Repair transaction
2016-07-06 19:07:35, Info                  CSI    0000299c [SR] Verify complete
2016-07-06 19:07:35, Info                  CSI    0000299d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:07:35, Info                  CSI    0000299e [SR] Beginning Verify and Repair transaction
2016-07-06 19:07:50, Info                  CSI    00002a42 [SR] Verify complete
2016-07-06 19:07:50, Info                  CSI    00002a43 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:07:50, Info                  CSI    00002a44 [SR] Beginning Verify and Repair transaction
2016-07-06 19:08:10, Info                  CSI    00002ac8 [SR] Verify complete
2016-07-06 19:08:10, Info                  CSI    00002ac9 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:08:10, Info                  CSI    00002aca [SR] Beginning Verify and Repair transaction
2016-07-06 19:08:20, Info                  CSI    00002b33 [SR] Verify complete
2016-07-06 19:08:20, Info                  CSI    00002b34 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:08:20, Info                  CSI    00002b35 [SR] Beginning Verify and Repair transaction
2016-07-06 19:08:30, Info                  CSI    00002bad [SR] Verify complete
2016-07-06 19:08:30, Info                  CSI    00002bae [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:08:30, Info                  CSI    00002baf [SR] Beginning Verify and Repair transaction
2016-07-06 19:08:41, Info                  CSI    00002c1f [SR] Verify complete
2016-07-06 19:08:41, Info                  CSI    00002c20 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:08:41, Info                  CSI    00002c21 [SR] Beginning Verify and Repair transaction
2016-07-06 19:08:52, Info                  CSI    00002c8e [SR] Verify complete
2016-07-06 19:08:52, Info                  CSI    00002c8f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:08:52, Info                  CSI    00002c90 [SR] Beginning Verify and Repair transaction
2016-07-06 19:09:02, Info                  CSI    00002cfb [SR] Verify complete
2016-07-06 19:09:02, Info                  CSI    00002cfc [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:09:02, Info                  CSI    00002cfd [SR] Beginning Verify and Repair transaction
2016-07-06 19:09:12, Info                  CSI    00002d68 [SR] Verify complete
2016-07-06 19:09:12, Info                  CSI    00002d69 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:09:12, Info                  CSI    00002d6a [SR] Beginning Verify and Repair transaction
2016-07-06 19:09:24, Info                  CSI    00002de6 [SR] Verify complete
2016-07-06 19:09:24, Info                  CSI    00002de7 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:09:24, Info                  CSI    00002de8 [SR] Beginning Verify and Repair transaction
2016-07-06 19:09:33, Info                  CSI    00002e5a [SR] Verify complete
2016-07-06 19:09:33, Info                  CSI    00002e5b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:09:33, Info                  CSI    00002e5c [SR] Beginning Verify and Repair transaction
2016-07-06 19:09:43, Info                  CSI    00002ed4 [SR] Verify complete
2016-07-06 19:09:43, Info                  CSI    00002ed5 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:09:43, Info                  CSI    00002ed6 [SR] Beginning Verify and Repair transaction
2016-07-06 19:09:51, Info                  CSI    00002f44 [SR] Verify complete
2016-07-06 19:09:52, Info                  CSI    00002f45 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:09:52, Info                  CSI    00002f46 [SR] Beginning Verify and Repair transaction
2016-07-06 19:10:01, Info                  CSI    00002fb9 [SR] Verify complete
2016-07-06 19:10:01, Info                  CSI    00002fba [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:10:01, Info                  CSI    00002fbb [SR] Beginning Verify and Repair transaction
2016-07-06 19:10:12, Info                  CSI    00003025 [SR] Verify complete
2016-07-06 19:10:12, Info                  CSI    00003026 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:10:12, Info                  CSI    00003027 [SR] Beginning Verify and Repair transaction
2016-07-06 19:10:24, Info                  CSI    0000308c [SR] Verify complete
2016-07-06 19:10:24, Info                  CSI    0000308d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:10:24, Info                  CSI    0000308e [SR] Beginning Verify and Repair transaction
2016-07-06 19:10:40, Info                  CSI    00003111 [SR] Verify complete
2016-07-06 19:10:40, Info                  CSI    00003112 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:10:40, Info                  CSI    00003113 [SR] Beginning Verify and Repair transaction
2016-07-06 19:10:57, Info                  CSI    00003205 [SR] Verify complete
2016-07-06 19:10:57, Info                  CSI    00003206 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:10:57, Info                  CSI    00003207 [SR] Beginning Verify and Repair transaction
2016-07-06 19:11:07, Info                  CSI    0000328e [SR] Verify complete
2016-07-06 19:11:07, Info                  CSI    0000328f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:11:07, Info                  CSI    00003290 [SR] Beginning Verify and Repair transaction
2016-07-06 19:11:17, Info                  CSI    000032f9 [SR] Verify complete
2016-07-06 19:11:17, Info                  CSI    000032fa [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:11:17, Info                  CSI    000032fb [SR] Beginning Verify and Repair transaction
2016-07-06 19:11:26, Info                  CSI    00003360 [SR] Verify complete
2016-07-06 19:11:26, Info                  CSI    00003361 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:11:26, Info                  CSI    00003362 [SR] Beginning Verify and Repair transaction
2016-07-06 19:11:35, Info                  CSI    000033c8 [SR] Verify complete
2016-07-06 19:11:35, Info                  CSI    000033c9 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:11:35, Info                  CSI    000033ca [SR] Beginning Verify and Repair transaction
2016-07-06 19:11:45, Info                  CSI    00003430 [SR] Verify complete
2016-07-06 19:11:45, Info                  CSI    00003431 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:11:45, Info                  CSI    00003432 [SR] Beginning Verify and Repair transaction
2016-07-06 19:11:54, Info                  CSI    00003497 [SR] Verify complete
2016-07-06 19:11:54, Info                  CSI    00003498 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:11:54, Info                  CSI    00003499 [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:04, Info                  CSI    000034ff [SR] Verify complete
2016-07-06 19:12:04, Info                  CSI    00003500 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:04, Info                  CSI    00003501 [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:13, Info                  CSI    00003567 [SR] Verify complete
2016-07-06 19:12:13, Info                  CSI    00003568 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:13, Info                  CSI    00003569 [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:20, Info                  CSI    000035ce [SR] Verify complete
2016-07-06 19:12:21, Info                  CSI    000035cf [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:21, Info                  CSI    000035d0 [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:28, Info                  CSI    00003635 [SR] Verify complete
2016-07-06 19:12:28, Info                  CSI    00003636 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:28, Info                  CSI    00003637 [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:36, Info                  CSI    0000369c [SR] Verify complete
2016-07-06 19:12:36, Info                  CSI    0000369d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:36, Info                  CSI    0000369e [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:45, Info                  CSI    00003705 [SR] Verify complete
2016-07-06 19:12:45, Info                  CSI    00003706 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:45, Info                  CSI    00003707 [SR] Beginning Verify and Repair transaction
2016-07-06 19:12:54, Info                  CSI    00003792 [SR] Verify complete
2016-07-06 19:12:54, Info                  CSI    00003793 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:12:54, Info                  CSI    00003794 [SR] Beginning Verify and Repair transaction
2016-07-06 19:13:02, Info                  CSI    000037f9 [SR] Verify complete
2016-07-06 19:13:02, Info                  CSI    000037fa [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:13:02, Info                  CSI    000037fb [SR] Beginning Verify and Repair transaction
2016-07-06 19:13:17, Info                  CSI    00003868 [SR] Verify complete
2016-07-06 19:13:17, Info                  CSI    00003869 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:13:17, Info                  CSI    0000386a [SR] Beginning Verify and Repair transaction
2016-07-06 19:13:31, Info                  CSI    000038cf [SR] Verify complete
2016-07-06 19:13:31, Info                  CSI    000038d0 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:13:31, Info                  CSI    000038d1 [SR] Beginning Verify and Repair transaction
2016-07-06 19:13:39, Info                  CSI    00003936 [SR] Verify complete
2016-07-06 19:13:39, Info                  CSI    00003937 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:13:39, Info                  CSI    00003938 [SR] Beginning Verify and Repair transaction
2016-07-06 19:13:48, Info                  CSI    0000399e [SR] Verify complete
2016-07-06 19:13:48, Info                  CSI    0000399f [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:13:48, Info                  CSI    000039a0 [SR] Beginning Verify and Repair transaction
2016-07-06 19:13:57, Info                  CSI    00003a05 [SR] Verify complete
2016-07-06 19:13:57, Info                  CSI    00003a06 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:13:57, Info                  CSI    00003a07 [SR] Beginning Verify and Repair transaction
2016-07-06 19:14:12, Info                  CSI    00003a72 [SR] Verify complete
2016-07-06 19:14:12, Info                  CSI    00003a73 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:14:12, Info                  CSI    00003a74 [SR] Beginning Verify and Repair transaction
2016-07-06 19:14:22, Info                  CSI    00003ae6 [SR] Verify complete
2016-07-06 19:14:22, Info                  CSI    00003ae7 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:14:22, Info                  CSI    00003ae8 [SR] Beginning Verify and Repair transaction
2016-07-06 19:14:31, Info                  CSI    00003b4d [SR] Verify complete
2016-07-06 19:14:31, Info                  CSI    00003b4e [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:14:31, Info                  CSI    00003b4f [SR] Beginning Verify and Repair transaction
2016-07-06 19:14:39, Info                  CSI    00003bb6 [SR] Verify complete
2016-07-06 19:14:39, Info                  CSI    00003bb7 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:14:39, Info                  CSI    00003bb8 [SR] Beginning Verify and Repair transaction
2016-07-06 19:14:48, Info                  CSI    00003c2c [SR] Verify complete
2016-07-06 19:14:48, Info                  CSI    00003c2d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:14:48, Info                  CSI    00003c2e [SR] Beginning Verify and Repair transaction
2016-07-06 19:14:57, Info                  CSI    00003c9b [SR] Verify complete
2016-07-06 19:14:57, Info                  CSI    00003c9c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:14:57, Info                  CSI    00003c9d [SR] Beginning Verify and Repair transaction
2016-07-06 19:15:05, Info                  CSI    00003d02 [SR] Verify complete
2016-07-06 19:15:05, Info                  CSI    00003d03 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:15:05, Info                  CSI    00003d04 [SR] Beginning Verify and Repair transaction
2016-07-06 19:15:13, Info                  CSI    00003d6a [SR] Verify complete
2016-07-06 19:15:13, Info                  CSI    00003d6b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:15:13, Info                  CSI    00003d6c [SR] Beginning Verify and Repair transaction
2016-07-06 19:15:21, Info                  CSI    00003dd1 [SR] Verify complete
2016-07-06 19:15:21, Info                  CSI    00003dd2 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:15:21, Info                  CSI    00003dd3 [SR] Beginning Verify and Repair transaction
2016-07-06 19:15:29, Info                  CSI    00003e38 [SR] Verify complete
2016-07-06 19:15:29, Info                  CSI    00003e39 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:15:29, Info                  CSI    00003e3a [SR] Beginning Verify and Repair transaction
2016-07-06 19:15:42, Info                  CSI    00003eb7 [SR] Verify complete
2016-07-06 19:15:42, Info                  CSI    00003eb8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:15:42, Info                  CSI    00003eb9 [SR] Beginning Verify and Repair transaction
2016-07-06 19:15:51, Info                  CSI    00003f24 [SR] Verify complete
2016-07-06 19:15:51, Info                  CSI    00003f25 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:15:51, Info                  CSI    00003f26 [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:01, Info                  CSI    00003fb3 [SR] Verify complete
2016-07-06 19:16:01, Info                  CSI    00003fb4 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:01, Info                  CSI    00003fb5 [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:11, Info                  CSI    0000401b [SR] Verify complete
2016-07-06 19:16:12, Info                  CSI    0000401c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:12, Info                  CSI    0000401d [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:22, Info                  CSI    0000409c [SR] Verify complete
2016-07-06 19:16:22, Info                  CSI    0000409d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:22, Info                  CSI    0000409e [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:33, Info                  CSI    00004110 [SR] Verify complete
2016-07-06 19:16:33, Info                  CSI    00004111 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:33, Info                  CSI    00004112 [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:40, Info                  CSI    00004177 [SR] Verify complete
2016-07-06 19:16:40, Info                  CSI    00004178 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:40, Info                  CSI    00004179 [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:48, Info                  CSI    000041de [SR] Verify complete
2016-07-06 19:16:48, Info                  CSI    000041df [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:48, Info                  CSI    000041e0 [SR] Beginning Verify and Repair transaction
2016-07-06 19:16:57, Info                  CSI    00004255 [SR] Verify complete
2016-07-06 19:16:57, Info                  CSI    00004256 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:16:57, Info                  CSI    00004257 [SR] Beginning Verify and Repair transaction
2016-07-06 19:17:09, Info                  CSI    000042c8 [SR] Verify complete
2016-07-06 19:17:09, Info                  CSI    000042c9 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:17:09, Info                  CSI    000042ca [SR] Beginning Verify and Repair transaction
2016-07-06 19:17:21, Info                  CSI    00004357 [SR] Verify complete
2016-07-06 19:17:21, Info                  CSI    00004358 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:17:21, Info                  CSI    00004359 [SR] Beginning Verify and Repair transaction
2016-07-06 19:17:35, Info                  CSI    000043e9 [SR] Verify complete
2016-07-06 19:17:35, Info                  CSI    000043ea [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:17:35, Info                  CSI    000043eb [SR] Beginning Verify and Repair transaction
2016-07-06 19:17:46, Info                  CSI    0000445b [SR] Verify complete
2016-07-06 19:17:47, Info                  CSI    0000445c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:17:47, Info                  CSI    0000445d [SR] Beginning Verify and Repair transaction
2016-07-06 19:17:57, Info                  CSI    000044e9 [SR] Verify complete
2016-07-06 19:17:57, Info                  CSI    000044ea [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:17:57, Info                  CSI    000044eb [SR] Beginning Verify and Repair transaction
2016-07-06 19:18:06, Info                  CSI    0000455c [SR] Verify complete
2016-07-06 19:18:06, Info                  CSI    0000455d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:18:06, Info                  CSI    0000455e [SR] Beginning Verify and Repair transaction
2016-07-06 19:18:16, Info                  CSI    000045d0 [SR] Verify complete
2016-07-06 19:18:16, Info                  CSI    000045d1 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:18:16, Info                  CSI    000045d2 [SR] Beginning Verify and Repair transaction
2016-07-06 19:18:29, Info                  CSI    00004653 [SR] Verify complete
2016-07-06 19:18:29, Info                  CSI    00004654 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:18:29, Info                  CSI    00004655 [SR] Beginning Verify and Repair transaction
2016-07-06 19:18:40, Info                  CSI    000046d0 [SR] Verify complete
2016-07-06 19:18:40, Info                  CSI    000046d1 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:18:40, Info                  CSI    000046d2 [SR] Beginning Verify and Repair transaction
2016-07-06 19:18:51, Info                  CSI    0000474d [SR] Verify complete
2016-07-06 19:18:51, Info                  CSI    0000474e [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:18:51, Info                  CSI    0000474f [SR] Beginning Verify and Repair transaction
2016-07-06 19:19:01, Info                  CSI    000047c1 [SR] Verify complete
2016-07-06 19:19:01, Info                  CSI    000047c2 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:19:01, Info                  CSI    000047c3 [SR] Beginning Verify and Repair transaction
2016-07-06 19:19:17, Info                  CSI    000048b3 [SR] Verify complete
2016-07-06 19:19:17, Info                  CSI    000048b4 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:19:17, Info                  CSI    000048b5 [SR] Beginning Verify and Repair transaction
2016-07-06 19:19:27, Info                  CSI    0000495c [SR] Verify complete
2016-07-06 19:19:28, Info                  CSI    0000495d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:19:28, Info                  CSI    0000495e [SR] Beginning Verify and Repair transaction
2016-07-06 19:19:37, Info                  CSI    000049c3 [SR] Verify complete
2016-07-06 19:19:37, Info                  CSI    000049c4 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:19:37, Info                  CSI    000049c5 [SR] Beginning Verify and Repair transaction
2016-07-06 19:19:46, Info                  CSI    00004a2c [SR] Verify complete
2016-07-06 19:19:46, Info                  CSI    00004a2d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:19:46, Info                  CSI    00004a2e [SR] Beginning Verify and Repair transaction
2016-07-06 19:19:57, Info                  CSI    00004aaf [SR] Verify complete
2016-07-06 19:19:57, Info                  CSI    00004ab0 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:19:57, Info                  CSI    00004ab1 [SR] Beginning Verify and Repair transaction
2016-07-06 19:20:07, Info                  CSI    00004b38 [SR] Verify complete
2016-07-06 19:20:07, Info                  CSI    00004b39 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:20:07, Info                  CSI    00004b3a [SR] Beginning Verify and Repair transaction
2016-07-06 19:20:17, Info                  CSI    00004ba9 [SR] Verify complete
2016-07-06 19:20:17, Info                  CSI    00004baa [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:20:17, Info                  CSI    00004bab [SR] Beginning Verify and Repair transaction
2016-07-06 19:20:27, Info                  CSI    00004c1b [SR] Verify complete
2016-07-06 19:20:27, Info                  CSI    00004c1c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:20:27, Info                  CSI    00004c1d [SR] Beginning Verify and Repair transaction
2016-07-06 19:20:36, Info                  CSI    00004c83 [SR] Verify complete
2016-07-06 19:20:36, Info                  CSI    00004c84 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:20:36, Info                  CSI    00004c85 [SR] Beginning Verify and Repair transaction
2016-07-06 19:20:49, Info                  CSI    00004d26 [SR] Verify complete
2016-07-06 19:20:49, Info                  CSI    00004d27 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:20:49, Info                  CSI    00004d28 [SR] Beginning Verify and Repair transaction
2016-07-06 19:20:59, Info                  CSI    00004da1 [SR] Verify complete
2016-07-06 19:20:59, Info                  CSI    00004da2 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:20:59, Info                  CSI    00004da3 [SR] Beginning Verify and Repair transaction
2016-07-06 19:21:08, Info                  CSI    00004e0d [SR] Verify complete
2016-07-06 19:21:08, Info                  CSI    00004e0e [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:21:08, Info                  CSI    00004e0f [SR] Beginning Verify and Repair transaction
2016-07-06 19:21:19, Info                  CSI    00004e82 [SR] Verify complete
2016-07-06 19:21:19, Info                  CSI    00004e83 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:21:19, Info                  CSI    00004e84 [SR] Beginning Verify and Repair transaction
2016-07-06 19:21:28, Info                  CSI    00004ef5 [SR] Verify complete
2016-07-06 19:21:28, Info                  CSI    00004ef6 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:21:28, Info                  CSI    00004ef7 [SR] Beginning Verify and Repair transaction
2016-07-06 19:21:37, Info                  CSI    00004f5d [SR] Verify complete
2016-07-06 19:21:38, Info                  CSI    00004f5e [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:21:38, Info                  CSI    00004f5f [SR] Beginning Verify and Repair transaction
2016-07-06 19:21:47, Info                  CSI    00004fc8 [SR] Verify complete
2016-07-06 19:21:47, Info                  CSI    00004fc9 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:21:47, Info                  CSI    00004fca [SR] Beginning Verify and Repair transaction
2016-07-06 19:21:57, Info                  CSI    0000505f [SR] Verify complete
2016-07-06 19:21:57, Info                  CSI    00005060 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:21:57, Info                  CSI    00005061 [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:06, Info                  CSI    000050c7 [SR] Verify complete
2016-07-06 19:22:06, Info                  CSI    000050c8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:06, Info                  CSI    000050c9 [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:15, Info                  CSI    00005131 [SR] Verify complete
2016-07-06 19:22:15, Info                  CSI    00005132 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:15, Info                  CSI    00005133 [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:23, Info                  CSI    0000519c [SR] Verify complete
2016-07-06 19:22:23, Info                  CSI    0000519d [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:23, Info                  CSI    0000519e [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:33, Info                  CSI    0000520b [SR] Verify complete
2016-07-06 19:22:33, Info                  CSI    0000520c [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:33, Info                  CSI    0000520d [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:41, Info                  CSI    00005276 [SR] Verify complete
2016-07-06 19:22:42, Info                  CSI    00005277 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:42, Info                  CSI    00005278 [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:51, Info                  CSI    000052de [SR] Verify complete
2016-07-06 19:22:51, Info                  CSI    000052df [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:51, Info                  CSI    000052e0 [SR] Beginning Verify and Repair transaction
2016-07-06 19:22:59, Info                  CSI    00005348 [SR] Verify complete
2016-07-06 19:22:59, Info                  CSI    00005349 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:22:59, Info                  CSI    0000534a [SR] Beginning Verify and Repair transaction
2016-07-06 19:23:09, Info                  CSI    000053b2 [SR] Verify complete
2016-07-06 19:23:09, Info                  CSI    000053b3 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:23:09, Info                  CSI    000053b4 [SR] Beginning Verify and Repair transaction
2016-07-06 19:23:19, Info                  CSI    0000542a [SR] Verify complete
2016-07-06 19:23:19, Info                  CSI    0000542b [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:23:19, Info                  CSI    0000542c [SR] Beginning Verify and Repair transaction
2016-07-06 19:23:28, Info                  CSI    00005491 [SR] Verify complete
2016-07-06 19:23:28, Info                  CSI    00005492 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:23:28, Info                  CSI    00005493 [SR] Beginning Verify and Repair transaction
2016-07-06 19:23:39, Info                  CSI    000054f9 [SR] Verify complete
2016-07-06 19:23:39, Info                  CSI    000054fa [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:23:39, Info                  CSI    000054fb [SR] Beginning Verify and Repair transaction
2016-07-06 19:23:48, Info                  CSI    00005560 [SR] Verify complete
2016-07-06 19:23:48, Info                  CSI    00005561 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:23:48, Info                  CSI    00005562 [SR] Beginning Verify and Repair transaction
2016-07-06 19:23:58, Info                  CSI    000055c7 [SR] Verify complete
2016-07-06 19:23:58, Info                  CSI    000055c8 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:23:58, Info                  CSI    000055c9 [SR] Beginning Verify and Repair transaction
2016-07-06 19:24:06, Info                  CSI    0000562f [SR] Verify complete
2016-07-06 19:24:07, Info                  CSI    00005630 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:24:07, Info                  CSI    00005631 [SR] Beginning Verify and Repair transaction
2016-07-06 19:24:14, Info                  CSI    00005696 [SR] Verify complete
2016-07-06 19:24:14, Info                  CSI    00005697 [SR] Verifying 100 (0x0000000000000064) components
2016-07-06 19:24:14, Info                  CSI    00005698 [SR] Beginning Verify and Repair transaction
2016-07-06 19:24:25, Info                  CSI    000056fe [SR] Verify complete
2016-07-06 19:24:25, Info                  CSI    000056ff [SR] Verifying 53 (0x0000000000000035) components
2016-07-06 19:24:25, Info                  CSI    00005700 [SR] Beginning Verify and Repair transaction
2016-07-06 19:24:30, Info                  CSI    00005736 [SR] Verify complete
2016-07-06 19:24:30, Info                  CSI    00005737 [SR] Repairing 0 components
2016-07-06 19:24:30, Info                  CSI    00005738 [SR] Beginning Verify and Repair transaction
2016-07-06 19:24:30, Info                  CSI    00005739 [SR] Repair complete
 

 


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP

Is it still complaining about F: & G: ?

 

Perhaps you can go into msconfig and under Services uncheck

 
ManyCam;
mcaudrv_simple; 
NetcamStudioSvc64
 
then OK and reboot.
 
Any change.

  • 0






Similar Topics


Also tagged with one or more of these keywords: external drive, pop up, explorer.exe

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP