
Software restriction policy


  • This topic is locked
5 replies to this topic

#1 gpattabhi


Posted 06 January 2016 - 08:48 AM

Folks

We have this problem. I get a message "Windows cannot open the program because of software restriction policy." when I try to run Avast.

 

Below please find the logs in FRST.txt and Addition.txt. Request kind souls here for some help.

Thanks much for your time

ganesh

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by Administrator (administrator) on SHIRS-HS-OFF (06-01-2016 19:03:19)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Tavultesoft) C:\Program Files\Tavultesoft\Keyman-thamizha\keyman.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgmfapx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software:  C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software:  C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software:  C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Run: [keyman.exe-thamizha] => C:\Program Files\Tavultesoft\Keyman-thamizha\keyman.exe [128464 2004-01-10] (Tavultesoft)
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\MountPoints2: {0f70e546-576a-11e5-892a-100d7f3d582f} - E:\LaunchU3.exe -a
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> (None)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-07-28] (AVAST Software)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk [2015-06-04]
BootExecute: autocheck autochk * sdnclean.exeaswBoot.exe /M:32510be3 /dir:"C:\Program Files\AVAST Software\Avast"C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37FE325D-973B-4922-B919-B874C5662740}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{37FE325D-973B-4922-B919-B874C5662740}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKU\S-1-5-21-1960408961-1364589140-1644491937-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1960408961-1364589140-1644491937-500 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1960408961-1364589140-1644491937-500 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a97n7tzi.default
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1960408961-1364589140-1644491937-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1960408961-1364589140-1644491937-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-13] (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a97n7tzi.default\searchplugins\yoursites123.xml [2015-12-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-22] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-28]
StartMenuInternet: Google Chrome.WIBPLAS3R5GDDHLHX25GHOLW7E - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450754148&z=7a2f1275209dfacd7a23b4cg1z7wdefm2w8z6gaw9e&from=wpm07173&uid=ST3250820AV_9QE7N0MWXXXX9QE7N0MW
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2012-01-12] (Microsoft Corporation)
R2 ACS; C:\WINDOWS\system32\acs.exe [495700 2009-02-20] (Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-28] (AVAST Software)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [866216 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-07-26] (Macrovision Europe Ltd.) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [278528 2009-11-27] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1710944 2009-11-25] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-28] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-28] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-28] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243120 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [193968 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation) [File not signed]
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [16472 2011-09-02] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [11104 2011-09-02] ()
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2012-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-06 19:01 - 2016-01-06 19:03 - 00028034 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-01-06 18:54 - 2016-01-06 19:03 - 00017965 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-01-06 18:54 - 2016-01-06 19:03 - 00000000 ____D C:\FRST
2016-01-06 18:53 - 2016-01-06 18:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2016-01-06 18:51 - 2016-01-06 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-01-06 18:51 - 2016-01-06 18:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2016-01-06 18:50 - 2016-01-06 18:51 - 00000000 ____D C:\WINDOWS\LastGood
2016-01-06 18:49 - 2016-01-06 18:49 - 00000000 ___HD C:\$AVG
2016-01-06 18:46 - 2016-01-06 18:46 - 01721856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-01-06 18:33 - 2016-01-06 18:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-01-06 18:33 - 2016-01-06 18:33 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2016-01-06 18:30 - 2016-01-06 18:30 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-01-06 18:30 - 2016-01-06 18:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-01-06 18:18 - 2016-01-06 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-01-06 18:18 - 2016-01-06 18:46 - 00000000 ____D C:\Program Files\AVG
2016-01-06 17:09 - 2006-01-03 00:26 - 48537600 ____N (Dadar Garuda) C:\Documents and Settings\Administrator\trz2.tmp
2016-01-06 17:02 - 2016-01-06 17:05 - 00000000 ____D C:\AdwCleaner
2016-01-06 17:00 - 2016-01-06 17:00 - 00006096 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-01-06 16:58 - 2016-01-06 16:58 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-06 15:58 - 2016-01-06 15:58 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-01-06 15:23 - 2016-01-06 15:23 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-06 15:23 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2016-01-06 15:11 - 2016-01-06 17:08 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-06 15:11 - 2016-01-06 15:11 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-01-06 15:11 - 2016-01-06 15:11 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-01-06 15:10 - 2016-01-06 16:33 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2016-01-06 15:10 - 2016-01-06 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-01-06 15:10 - 2016-01-06 15:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-01-06 15:10 - 2016-01-06 15:10 - 00001852 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-06 15:10 - 2016-01-06 15:10 - 00001846 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 15:10 - 2016-01-06 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-06 15:10 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-01-06 14:20 - 2016-01-06 14:58 - 00019185 _____ C:\Documents and Settings\Administrator\Desktop\lc.xlsx
2015-12-28 20:14 - 2006-01-04 20:09 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\ASL Sept  2015 recordings
2015-12-22 13:37 - 2015-12-22 13:37 - 00000000 ____H C:\Documents and Settings\Administrator\Desktop\~WRL0003.tmp
2015-12-22 09:57 - 2015-12-22 09:57 - 00012012 _____ C:\Documents and Settings\Administrator\My Documents\Baba Social.xlsx
2015-12-22 08:46 - 2015-12-22 08:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\nWdMn
2015-12-21 09:41 - 2006-01-03 22:12 - 43917312 ____H (Fileni) C:\Documents and Settings\Administrator\trz73.tmp
2015-12-18 10:44 - 2015-12-18 10:44 - 00000165 ____H C:\Documents and Settings\Administrator\Desktop\~$CHRISTIANS AND MUSLIM STUDENTS LIST.xlsx
2015-12-18 10:19 - 2015-12-18 10:19 - 00000165 ____H C:\Documents and Settings\Administrator\Desktop\~$VIII RC FRM SAIGEETHA MAM.xlsx
2015-12-18 10:05 - 2015-12-19 14:43 - 00000904 ____H C:\Documents and Settings\All Users\Application Data\@system.temp
2015-12-18 10:02 - 2015-12-21 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BrowserMe
2015-12-18 10:02 - 2015-12-19 14:43 - 00000640 ____H C:\Documents and Settings\All Users\Application Data\@system3.att
2015-12-18 10:02 - 2015-12-18 10:02 - 00000480 ____H C:\Documents and Settings\Administrator\Application Data\½Ó
2015-12-18 10:02 - 2015-12-18 10:02 - 00000008 ____H C:\Documents and Settings\All Users\Application Data\@000001.dat
2015-12-16 10:39 - 2015-12-16 10:39 - 00002633 _____ C:\attendancepri.csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-06 19:09 - 2014-07-26 13:49 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-01-06 19:01 - 2014-07-26 18:46 - 00000000 ____D C:\WINDOWS
2016-01-06 18:55 - 2006-01-04 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2016-01-06 18:53 - 2014-07-26 13:59 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TeraCopy
2016-01-06 18:51 - 2014-07-26 18:46 - 00000000 ___HD C:\WINDOWS\inf
2016-01-06 18:42 - 2014-08-02 14:44 - 00001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1364589140-1644491937-500UA.job
2016-01-06 18:30 - 2006-01-04 23:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AvgSetupLog
2016-01-06 18:21 - 2014-07-26 18:44 - 00000685 _____ C:\WINDOWS\win.ini
2016-01-06 18:21 - 2014-07-26 18:44 - 00000203 ___SH C:\boot.ini
2016-01-06 18:21 - 2014-07-26 18:43 - 00000227 _____ C:\WINDOWS\system.ini
2016-01-06 17:09 - 2014-07-28 14:59 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-06 17:09 - 2014-07-26 13:49 - 00000000 ____D C:\Documents and Settings\Administrator
2016-01-06 17:08 - 2014-07-26 13:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-06 17:06 - 2014-07-26 13:49 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-01-06 17:06 - 2014-07-26 13:48 - 00032514 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-06 17:05 - 2014-07-26 13:49 - 00000771 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2016-01-06 17:00 - 2014-07-26 19:05 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-06 16:37 - 2006-01-04 22:23 - 00000001 _____ C:\WINDOWS\system32\us.html
2016-01-06 16:35 - 2014-07-26 13:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-01-06 16:33 - 2014-07-28 14:27 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2016-01-06 16:05 - 2014-07-26 13:43 - 00000000 ____D C:\WINDOWS\Registration
2016-01-06 15:59 - 2014-07-26 13:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\DRPSu
2016-01-06 15:55 - 2014-07-26 13:59 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-06 15:55 - 2014-07-26 13:59 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-01-06 15:22 - 2014-07-26 13:48 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-01-06 15:08 - 2014-07-26 19:09 - 00004425 _____ C:\WINDOWS\imsins.BAK
2016-01-06 15:08 - 2014-07-26 18:46 - 00000000 ____D C:\WINDOWS\Media
2016-01-06 10:11 - 2015-03-11 09:54 - 00000456 _____ C:\WINDOWS\Tasks\At1.job
2016-01-06 09:55 - 2015-03-11 09:55 - 00000456 _____ C:\WINDOWS\Tasks\At3.job
2016-01-06 08:20 - 2014-07-26 18:44 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-05 14:49 - 2014-07-26 13:49 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-01-05 14:01 - 2015-03-11 09:55 - 00000456 _____ C:\WINDOWS\Tasks\At4.job
2016-01-05 13:42 - 2014-08-02 14:44 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1364589140-1644491937-500Core.job
2015-12-31 13:07 - 2006-01-03 19:56 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\dESKTOP fILES
2015-12-31 09:04 - 2015-08-18 13:50 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\VII TO VIII ENTRANCE PAPER
2015-12-22 20:41 - 2015-03-11 09:55 - 00000456 _____ C:\WINDOWS\Tasks\At2.job
 
==================== Files in the root of some directories =======
 
2015-12-18 10:02 - 2015-12-18 10:02 - 0000480 ____H () C:\Documents and Settings\Administrator\Application Data\½Ó
2015-12-18 10:02 - 2015-12-18 10:02 - 0000008 ____H () C:\Documents and Settings\All Users\Application Data\@000001.dat
2015-12-18 10:05 - 2015-12-19 14:43 - 0000904 ____H () C:\Documents and Settings\All Users\Application Data\@system.temp
2015-12-18 10:02 - 2015-12-19 14:43 - 0000640 ____H () C:\Documents and Settings\All Users\Application Data\@system3.att
2015-03-11 09:54 - 2015-03-11 09:54 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
 
 
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\UninstallModule.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by Administrator (2016-01-06 19:11:19)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-07-26 08:18:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1960408961-1364589140-1644491937-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1960408961-1364589140-1644491937-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1960408961-1364589140-1644491937-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1960408961-1364589140-1644491937-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.12.7303 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4489 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7303 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Azhagi - Multilingual - BN1 (HKLM\...\{2E04530B-9BAB-4A06-8A87-0AF97A8F769C}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - GU1 (HKLM\...\{7434AB51-3A13-4E02-A94F-687BEF01A233}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - HI1 (HKLM\...\{11B0F0F7-5893-436E-A0E4-8ACEEC848678}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - KN1 (HKLM\...\{D66A9676-EBA7-457A-8FF4-A1756445BAC0}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - ML1 (HKLM\...\{49A0AF76-73BE-4CCB-BA0E-075DD13E17F7}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - OR1 (HKLM\...\{3EA2EA6C-517B-46F5-B1DE-179724325B31}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - PA1 (HKLM\...\{062F7893-FAAE-4309-A430-D752604BFD78}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - TA1 (HKLM\...\{5F55EAFC-AFEA-459B-A2D9-96B1CAAD6B4B}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi - Multilingual - TE1 (HKLM\...\{F35674C5-C9E8-4D1E-A43F-CAE783F425A5}) (Version: 1.0.3.40 - B.Viswanathan)
Azhagi+ 10.23 (HKLM\...\Azhagi+_is1) (Version: 10.23 - B.Viswanathan)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
CBSE-CCE2015 (HKLM\...\ST6UNST #1) (Version:  - )
FMW 1 (Version: 1.42.1 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-1960408961-1364589140-1644491937-500\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{5C2ECF15-B7FF-4E0E-9D00-2000354BD9C2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{64A90D6D-E741-4BCD-935C-BB09F3AEBF98}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Itranslator 2003 Beta (HKLM\...\Itranslator 2003 Beta_is1) (Version:  - Omkarananda Ashram Himalayas)
Keyman Package - eKalappai20b (HKLM\...\Keyman Package eKalappai20) (Version:  - )
K-Lite Codec Pack 10.0.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Kural Tamil Software 5.0 (HKLM\...\Kural5.0) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.0 (HKLM\...\{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 43.0 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.0.5820 - Mozilla)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NETGEAR WNA1100 wireless USB 2.0 adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Snipping Tool 3.3 (HKLM\...\PDF Snipping Tool_is1) (Version: 3.3 - Authorsoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tavultesoft Keyman for ThamiZha! 6.0 (HKLM\...\Tavultesoft Keyman 6.0-thamizha) (Version:  - )
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinRAR 4.01 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\psu (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.5\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.28.1\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.28.13\psus (the data entry has 17 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\psus (the data entry has 17 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.11\psus (the data entry has 17 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.28.15\psus (the data entry has 17 more characters).
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1364589140-1644491937-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1364589140-1644491937-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1364589140-1644491937-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-28 14:59 - 2014-07-28 14:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2016-01-06 16:38 - 2016-01-06 16:38 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010600\algo.dll
2014-07-26 14:37 - 2012-09-18 15:26 - 00169472 _____ () C:\WINDOWS\system32\zlhp1020.dll
2014-07-26 14:37 - 2012-09-18 15:26 - 00059904 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\pphp1020.dll
2016-01-06 15:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-06 15:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-06 15:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-06 15:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-06 15:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-26 18:43 - 2012-01-12 19:34 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-07-28 14:26 - 2009-11-27 12:04 - 00278528 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2014-07-28 14:26 - 2009-11-20 14:22 - 00212992 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2014-07-26 13:59 - 2009-06-21 23:26 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2014-07-26 13:58 - 2011-05-23 18:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-26 13:59 - 2009-07-13 20:50 - 00325120 _____ () C:\Program Files\TeraCopy\TeraCopy.dll
2014-07-26 18:43 - 2008-04-14 16:30 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-01-06 18:18 - 2016-01-06 17:28 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\Administrator\Local Settings:init
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-07-26 18:43 - 2008-04-14 16:30 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1960408961-1364589140-1644491937-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
sharedaccess => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNA1100 Smart Wizard.lnk => C:\WINDOWS\pss\NETGEAR WNA1100 Smart Wizard.lnkCommon Startup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\ESCANPRO.EXE] => Enabled:eScan Administration Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\ESCANPRO.EXE] => Enabled:eScan Administration Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3520 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3520 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3520 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Max Driver Updater\maxdu.exe] => Enabled:MaxDriverUpdater
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2016 06:56:02 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 06:55:58 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 06:39:12 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 06:39:12 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 05:15:11 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on d:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.
 
Error: (01/06/2016 05:15:11 PM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on d:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).
 
Error: (01/06/2016 05:08:41 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 05:08:41 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 05:08:07 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (01/06/2016 05:08:07 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (01/06/2016 06:33:21 PM) (Source: DCOM) (EventID: 10005) (User: SHIRS-HS-OFF)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (01/06/2016 06:32:58 PM) (Source: DCOM) (EventID: 10005) (User: SHIRS-HS-OFF)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (01/06/2016 06:21:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/06/2016 05:09:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/06/2016 05:09:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (01/06/2016 05:09:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Restore Filter Driver service failed to start due to the following error: 
%%3
 
Error: (01/06/2016 05:09:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sr
 
Error: (01/06/2016 05:09:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (01/06/2016 05:09:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (01/06/2016 05:08:57 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 58%
Total physical RAM: 2045.98 MB
Available physical RAM: 847.35 MB
Total Virtual: 3942.41 MB
Available Virtual: 2671.05 MB
 
==================== Drives ================================
 
Drive c: (Windows XP) (Fixed) (Total:60.55 GB) (Free:34.78 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (SushilHari) (Fixed) (Total:61.86 GB) (Free:59.55 GB) NTFS
Drive e: (CBSE ) (Fixed) (Total:60.28 GB) (Free:60.14 GB) NTFS
Drive f: (General Office) (Fixed) (Total:50.2 GB) (Free:50.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 3D483D47)
Partition 1: (Active) - (Size=60.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=172.3 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

Edited by Queen-Evie, 06 January 2016 - 10:23 AM.
moved from Windows XP to Malware Removal Logs. FRST logs are allowed only in MRL forum.



 


#2 JohnC_21


Posted 06 January 2016 - 09:48 AM

I believe your computer may be infected, but open the Group Policy Editor and remove the Software Restrictions. It looks like IE is also restricted. Are you running two AVs? Because AVG still looks to be active on the computer.

 




#3 gpattabhi

  • Topic Starter

Posted 06 January 2016 - 11:55 AM

Thanks John. Will check it out and update.
Avast, though it exists, does not run because of the issue. Hence I decided to install AVG.

#4 fireman4it

  • Malware Response Team

Posted 08 January 2016 - 03:26 PM

Hello gpattabhi,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   3.18KB   4 downloads

 

 

 

 

Let me know how the machine is running after this fix. You will need to get rid of either AVG or AVAST.


Edited by fireman4it, 08 January 2016 - 04:44 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 fireman4it

  • Malware Response Team

Posted 10 January 2016 - 05:06 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#6 fireman4it

  • Malware Response Team

Posted 13 January 2016 - 02:26 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





