Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015 Ran by Rajinikanth (2015-11-12 16:13:18) Run:9 Running from C:\Users\Rajinikanth\Desktop Loaded Profiles: Rajinikanth (Available Profiles: Rajinikanth & Deploy) Boot Mode: Normal ============================================== fixlist content: ***************** CMD: dir C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} CMD: reg query "HKLM\SOFTWARE\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32" /s HKLM\...\Run: [igfxEM_64] => "C:\PROGRA~3\igfxEM_64.exe" HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [uTorrent] => C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.) HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [DAEMON Tools Lite Automount] => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1873260180-584723267-4080468776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll => No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [No File] FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [No File] FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [No File] FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found CHR Extension: (Docs) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-12] CHR Extension: (Google Drive) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12] CHR Extension: (Gmail) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-12] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] () S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X] R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-20] (Disc Soft Ltd) S3 catchme; \??\C:\george2093g\catchme.sys [X] 2015-10-23 20:11 - 2015-10-23 20:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} C:\Users\All Users\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} Task: {131FA374-1CEC-40CA-A49E-89C0612A702A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09] (RealNetworks, Inc.) Task: {4A84841C-490E-4949-BABE-B28D79525EFB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09] (RealNetworks, Inc.) Task: {F34F305F-7A71-4235-BD3B-996F13715D26} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09] (RealNetworks, Inc.) ***************** ========= dir C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} ========= Volume in drive C has no label. Volume Serial Number is 84D1-371E Directory of C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 10/23/2015 08:12 PM 318,464 vfnws.dll 1 File(s) 318,464 bytes 0 Dir(s) 67,858,948,096 bytes free ========= End of CMD: ========= ========= reg query "HKLM\SOFTWARE\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32" /s ========= ERROR: The system was unable to find the specified registry key or value. ========= End of CMD: ========= HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\igfxEM_64 => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AllShareAgent => value removed successfully HKU\S-1-5-21-1873260180-584723267-4080468776-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully HKU\S-1-5-21-1873260180-584723267-4080468776-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-1873260180-584723267-4080468776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully "HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => key removed successfully "HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1" => key removed successfully HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8} => value removed successfully C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => moved successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji" => key removed successfully AVGIDSAgent => service removed successfully avgwd => service removed successfully RealNetworks Downloader Resolver Service => Service stopped successfully. RealNetworks Downloader Resolver Service => service removed successfully Disc Soft Lite Bus Service => service removed successfully Avgdiska => Unable to stop service. Avgdiska => service removed successfully AVGIDSDriver => Unable to stop service. AVGIDSDriver => service removed successfully AVGIDSHA => Unable to stop service. AVGIDSHA => service removed successfully Avgldx64 => Unable to stop service. Avgldx64 => service removed successfully Avgloga => Unable to stop service. Avgloga => service removed successfully Avgmfx64 => Unable to stop service. Avgmfx64 => service removed successfully Avgrkx64 => Unable to stop service. Avgrkx64 => service removed successfully Avgtdia => Unable to stop service. Avgtdia => service removed successfully dtlitescsibus => Unable to stop service. dtlitescsibus => service removed successfully catchme => service removed successfully C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => moved successfully "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => not found. "C:\Users\All Users\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{131FA374-1CEC-40CA-A49E-89C0612A702A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{131FA374-1CEC-40CA-A49E-89C0612A702A}" => key removed successfully C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A84841C-490E-4949-BABE-B28D79525EFB}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A84841C-490E-4949-BABE-B28D79525EFB}" => key removed successfully C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F34F305F-7A71-4235-BD3B-996F13715D26}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F34F305F-7A71-4235-BD3B-996F13715D26}" => key removed successfully C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000" => key removed successfully The system needed a reboot. ==== End of Fixlog 16:14:04 ====