
Cannot start Windows Defender


1 reply to this topic

#1 samafi


Posted 18 August 2016 - 10:46 AM

I cannot start Windows Defender. It shows error 0x80070424.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by Inspiron (administrator) on DELL (18-08-2016 18:23:07)
Running from C:\Users\Inspiron\Downloads
Loaded Profiles: Inspiron (Available Profiles: Inspiron)
Platform: Windows 8 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Realtek) C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VoipDiscount) C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe
() C:\Program Files (x86)\Nimbuzz\Nimbuzz.exe
(© 2015 Microsoft Corporation) C:\Users\Inspiron\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(BitTorrent Inc.) C:\Users\Inspiron\AppData\Roaming\BitTorrent\BitTorrent.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(BitTorrent Inc.) C:\Users\Inspiron\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(BitTorrent Inc.) C:\Users\Inspiron\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpUXSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286272 2015-07-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [VoipDiscount] => C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe [23057512 2015-02-14] (VoipDiscount)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [Facebook Update] => C:\Users\Inspiron\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-13] (Facebook Inc.)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [Nimbuzz] => C:\Program Files (x86)\Nimbuzz\Nimbuzz.exe [12784640 2013-04-06] ()
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [BingSvc] => C:\Users\Inspiron\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [Google Update] => C:\Users\Inspiron\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-21] (Google Inc.)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [BitTorrent] => C:\Users\Inspiron\AppData\Roaming\BitTorrent\BitTorrent.exe [2140680 2016-08-16] (BitTorrent Inc.)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mspntovl.exe <===== ATTENTION
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\MountPoints2: {465c3ed8-c3ea-11e5-beca-c018857bbf0a} - "F:\Lenovo_Suite.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-02]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-06]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-07-02]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-02]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F.lnk [2016-05-27]
ShortcutTarget: F.lnk -> C:\Users\Inspiron\AppData\Roaming\iiJwS7ZGkA.exe (No File)
Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-06-22]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-01-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2016-08-11]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{22C9235D-7634-4F9C-BC10-8C040B4E023F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C672C1EE-7589-494F-998C-7417FFA69DB3}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{FBA17ED3-3B0D-4DAE-9E3C-5C66A8A1217E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130955042044742071&GUID=7F580D5E-2A8F-436D-B5B9-C59FF0D25379
HKU\S-1-5-21-1623263002-501616925-659852261-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uae.msn.com/?rd=1&ucc=QA&dcc=QA&opt=0
HKU\S-1-5-21-1623263002-501616925-659852261-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130955042044747298&GUID=7F580D5E-2A8F-436D-B5B9-C59FF0D25379
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={40287F67-BCB4-11E2-BE71-C018857BBF0A}
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {59297D37-DC18-4CF9-940F-90C4D3036B87} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {94978150-70BE-4604-B4AD-741799B102B8} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1779&systemid=406&v=a14976-230&apn_uid=4320678885604387&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {D881CA1E-BA44-4640-B943-DF2540200046} URL = hxxp://www.search.ask.com/web?tpid=RLTM-SP&o=APN11871&pf=V7&p2=^BZG^default1^YY^QA&gct=&itbv=12.29.0.212&apn_uid=D3B8943D-91A3-42F0-A433-3DEB8E792844&apn_ptnrs=BZG&apn_dtid=^default1^YY^QA&apn_dbr=cr_43.0.2357.130&doi=2015-07-06&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={40287F67-BCB4-11E2-BE71-C018857BBF0A}
BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll [2013-12-19] (BestOffers)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {d1dac034-9fd9-4c13-a388-d2e10e57707f} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll [2013-12-19] (BestOffers)
BHO-x32: No Name -> {2977d8cc-8902-4340-be88-2c676bf96b8d} -> No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: No Name -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {d1dac034-9fd9-4c13-a388-d2e10e57707f} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll No File
Toolbar: HKLM-x32 - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} -  No File
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} -  No File
Toolbar: HKLM-x32 - No Name - {2977d8cc-8902-4340-be88-2c676bf96b8d} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-07-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-07-06] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1623263002-501616925-659852261-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Inspiron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1623263002-501616925-659852261-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Inspiron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1623263002-501616925-659852261-1001: @talk.google.com/O1DPlugin -> C:\Users\Inspiron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1623263002-501616925-659852261-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Inspiron\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1623263002-501616925-659852261-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Inspiron\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Inspiron\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-29] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Inspiron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Inspiron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox => not found
FF HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games 111 - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-03-23] [not signed]
FF HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-03-23] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Inspiron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealTimes)
CHR Profile: C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Search Manager) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-08-17]
CHR Extension: (Bing) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-16]
CHR Extension: (Elite Unzip) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-03-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-04]
CHR Extension: (CrazyForCricket) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iioincpjgkeodbfjcdfeadkmehpflcnk [2014-11-07]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-08-17]
CHR Extension: (BuyHatke) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2016-08-18]
CHR Extension: (TelevisionFanatic) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfhkgkmljpbkafmkljgfmaokgcaiiee [2015-02-27]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-29]
CHR Extension: (eSpeedMusic Start) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\keemdfihodbfhnbkdncepofdplgpbobc [2016-06-23]
CHR Extension: (Skype) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-31]
CHR Extension: (BringMeSports) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\llkjooekcinmdmojmfdjhidbakfpepod [2015-02-27]
CHR Extension: (FromDocToPDF) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-06-24]
CHR Extension: (iLivid) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-09-29]
CHR Extension: (Media Tab) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngohkfkfnacodpjjdnebidjggjhaolnb [2016-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Extension: (eSpeedMusic Search) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhgccbbjcmlgoojajbkapfbbhbamkei [2016-06-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1623263002-501616925-659852261-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Inspiron\AppData\Local\Torch\Plugins\TorchPlugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\RelevantKnowledge\rlcm.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"93668ef3edc76521" => service could not be unlocked. <===== ATTENTION
 
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-30] (Atheros Commnucations)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-07-22] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-06] (RealNetworks, Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
U4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1469952 2012-07-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 93668ef3edc76521; C:\Windows\System32\Drivers\93668ef3edc76521.sys [73688 2016-05-27] () <===== ATTENTION Necurs Rootkit?
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [93936 2012-07-26] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74752 2012-10-11] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [366080 2012-11-06] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [279552 2012-07-26] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [212992 2012-11-06] () [File not signed]
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-26] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2012-07-26] ()
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [28392 2012-09-20] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8704 2012-07-26] () [File not signed]
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [10752 2012-07-26] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17136 2012-07-26] () [File not signed]
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [11008 2012-07-26] () [File not signed]
R3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [68608 2012-07-26] () [File not signed]
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7168 2012-07-26] () [File not signed]
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6912 2012-07-26] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [390896 2012-07-26] ()
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [37616 2012-07-26] () [File not signed]
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [8192 2012-07-26] () [File not signed]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [14848 2012-07-26] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [83696 2012-07-26] () [File not signed]
S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [64240 2012-07-26] () [File not signed]
R2 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [427520 2012-07-26] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1001192 2012-10-11] () [File not signed]
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [46592 2012-07-26] () [File not signed]
S3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-26] () [File not signed]
R3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [25088 2012-09-20] () [File not signed]
R3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [58880 2012-07-26] () [File not signed]
R3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-26] () [File not signed]
S3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-26] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [60416 2012-09-20] ()
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [97792 2012-07-26] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [46080 2012-07-26] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [331776 2012-07-26] () [File not signed]
S0 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [52464 2012-07-26] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [49152 2012-07-26] ()
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23552 2012-07-26] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [34304 2012-07-26] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1934064 2012-07-26] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2012-07-26] () [File not signed]
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150256 2012-07-26] () [File not signed]
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [168176 2012-07-26] () [File not signed]
S0 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [125168 2012-07-26] () [File not signed]
S3 Parport; C:\Windows\System32\drivers\parport.sys [105984 2012-07-26] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [91888 2012-07-26] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [234224 2012-07-26] () [File not signed]
S0 pciide; C:\Windows\System32\drivers\pciide.sys [14064 2012-07-26] () [File not signed]
S0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [237808 2012-07-26] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [52464 2012-07-26] () [File not signed]
R0 pdc; C:\Windows\System32\drivers\pdc.sys [69864 2012-11-06] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [804864 2012-07-26] () [File not signed]
R3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [114176 2012-07-26] () [File not signed]
S3 Processor; C:\Windows\System32\drivers\processr.sys [87552 2012-11-06] () [File not signed]
R1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [145408 2012-07-26] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2012-07-26] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [16384 2012-07-26] () [File not signed]
R3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [68608 2012-07-26] () [File not signed]
R3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [124928 2012-07-26] () [File not signed]
R3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [81920 2012-07-26] () [File not signed]
R3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [92672 2012-07-26] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [423936 2012-07-26] () [File not signed]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2012-07-26] () [File not signed]
R3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [179712 2012-07-26] () [File not signed]
R3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [27880 2012-10-12] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [208384 2012-07-26] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [217328 2012-07-26] () [File not signed]
R3 RFCOMM; C:\Windows\system32\DRIVERS\rfcomm.sys [156672 2012-07-26] () [File not signed]
R2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [78848 2012-07-26] () [File not signed]
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] () [File not signed]
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [589824 2012-06-02] () [File not signed]
S3 RTL8187; C:\Windows\system32\DRIVERS\RTL8187.sys [448512 2010-01-07] () [File not signed]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2012-07-26] () [File not signed]
S0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107760 2012-07-26] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [36864 2012-07-26] () [File not signed]
S3 sdbus; C:\Windows\System32\drivers\sdbus.sys [194280 2012-11-06] () [File not signed]
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [56552 2012-10-11] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2012-07-26] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [62976 2012-07-26] () [File not signed]
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2012-07-26] () [File not signed]
S3 Serial; C:\Windows\System32\drivers\serial.sys [76800 2012-07-26] () [File not signed]
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [27136 2012-07-26] () [File not signed]
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [16896 2012-07-26] () [File not signed]
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44784 2012-07-26] () [File not signed]
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81648 2012-07-26] () [File not signed]
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [283888 2012-07-26] () [File not signed]
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [59392 2012-07-26] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [416768 2012-07-26] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [618496 2012-10-12] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [248832 2012-07-26] () [File not signed]
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [214832 2015-12-08] () [File not signed]
S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [30960 2012-07-26] () [File not signed]
S0 storahci; C:\Windows\System32\drivers\storahci.sys [77552 2012-07-26] () [File not signed]
S0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [45160 2012-07-26] () [File not signed]
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [37992 2012-07-26] () [File not signed]
S3 storvsp; C:\Windows\System32\drivers\storvsp.sys [67584 2012-07-26] () [File not signed]
R3 swenum; C:\Windows\System32\drivers\swenum.sys [13680 2012-07-26] () [File not signed]
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [31232 2011-12-15] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2225896 2012-09-20] () [File not signed]
S3 TCPIP6; C:\Windows\system32\DRIVERS\tcpip.sys [2225896 2012-09-20] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2012-07-26] () [File not signed]
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117248 2012-07-26] () [File not signed]
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [36592 2012-07-26] () [File not signed]
R3 TPM; C:\Windows\system32\drivers\tpm.sys [148712 2012-09-20] () [File not signed]
S0 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [66800 2012-07-26] () [File not signed]
R3 umbus; C:\Windows\System32\drivers\umbus.sys [48128 2012-07-26] () [File not signed]
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2012-07-26] () [File not signed]
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [79080 2012-09-20] () [File not signed]
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [496872 2012-09-20] () [File not signed]
R3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [445160 2012-11-06] () [File not signed]
S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [27136 2012-11-20] () [File not signed]
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [25600 2012-07-26] () [File not signed]
R3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [119024 2012-07-26] () [File not signed]
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [32256 2012-09-20] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [210304 2012-09-20] () [File not signed]
R3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [337128 2012-09-20] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36080 2012-07-26] () [File not signed]
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [496368 2012-07-26] () [File not signed]
S0 viaide; C:\Windows\System32\drivers\viaide.sys [19184 2012-07-26] () [File not signed]
S3 Vid; C:\Windows\System32\drivers\Vid.sys [203776 2012-07-26] () [File not signed]
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [137832 2012-07-26] () [File not signed]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [22144 2012-07-26] () [File not signed]
S3 vmbusr; C:\Windows\System32\drivers\vmbusr.sys [117248 2012-07-26] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [83184 2012-07-26] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [378608 2012-07-26] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [332016 2012-07-26] () [File not signed]
S3 vpci; C:\Windows\System32\drivers\vpci.sys [67824 2012-07-26] () [File not signed]
S3 vpcivsp; C:\Windows\System32\drivers\vpcivsp.sys [66048 2012-07-26] () [File not signed]
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [164080 2012-07-26] () [File not signed]
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [322800 2012-07-26] () [File not signed]
R3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24064 2012-07-26] () [File not signed]
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [64000 2012-07-26] () [File not signed]
R3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [17920 2012-07-26] () [File not signed]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [27008 2012-07-26] () [File not signed]
S3 Wanarp; C:\Windows\system32\DRIVERS\wanarp.sys [83456 2012-09-20] () [File not signed]
R1 Wanarpv6; C:\Windows\system32\DRIVERS\wanarp.sys [83456 2012-09-20] () [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [33520 2012-07-26] () [File not signed]
U5 93668ef3edc76521;  <===== ATTENTION: Locked Service
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Movies App\Datamngr\x64\setmgrc3.cfg [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-18 18:23 - 2016-08-18 18:23 - 00043060 _____ C:\Users\Inspiron\Downloads\FRST.txt
2016-08-18 18:22 - 2016-08-18 18:23 - 00000000 ____D C:\FRST
2016-08-18 18:21 - 2016-08-18 18:22 - 02394624 _____ (Farbar) C:\Users\Inspiron\Downloads\FRST64.exe
2016-08-18 18:18 - 2016-08-18 18:19 - 01744896 _____ (Farbar) C:\Users\Inspiron\Downloads\FRST.exe
2016-08-18 17:21 - 2016-08-18 17:21 - 00001365 _____ C:\Users\Inspiron\Downloads\Windefend (1).zip
2016-08-18 17:09 - 2016-08-18 17:10 - 05155328 _____ C:\Users\Inspiron\Downloads\WindowsDefender (1).msi
2016-08-18 17:03 - 2016-08-18 17:03 - 05154304 _____ C:\Users\Inspiron\Downloads\WindowsDefender.msi
2016-08-18 10:43 - 2016-07-14 20:14 - 00143611 _____ C:\Users\Inspiron\Desktop\^F16E9FB4DA6453E6B05E6B8DC39DE60F201C716824C1E743C1^pimgpsh_fullsize_distr.jpg
2016-08-16 20:09 - 2016-08-18 17:34 - 00000000 ____D C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inpatient management
2016-08-16 20:08 - 2002-03-31 06:28 - 61373132 _____ C:\Users\Inspiron\Desktop\AVSEQ02.MP4
2016-08-11 11:52 - 2016-08-18 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-08-11 11:52 - 2016-08-11 11:52 - 00003438 _____ C:\Windows\System32\Tasks\Reimage Reminder
2016-08-11 11:52 - 2016-08-11 11:52 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-08-11 11:52 - 2016-08-11 11:52 - 00000000 ____D C:\Program Files\Reimage
2016-08-11 11:51 - 2016-08-18 17:36 - 00000000 ____D C:\rei
2016-08-11 11:49 - 2016-08-11 11:52 - 00000140 _____ C:\Windows\Reimage.ini
2016-08-11 11:49 - 2016-08-11 11:49 - 00603824 _____ (Reimage) C:\Users\Inspiron\Downloads\ReimageRepair.exe
2016-08-11 11:27 - 2016-08-18 17:34 - 00000000 ____D C:\Users\Inspiron\Downloads\Windefend
2016-08-11 11:26 - 2016-08-11 11:26 - 00001365 _____ C:\Users\Inspiron\Downloads\Windefend.zip
2016-08-11 10:50 - 2016-08-11 10:53 - 00000000 ____D C:\ae261a803fc06cc500dcc9ea0ef885
2016-08-11 10:43 - 2016-08-11 10:45 - 00000000 ____D C:\0e9f2daa3fe1e138e71815b72e05bc
2016-08-11 10:33 - 2016-08-18 17:43 - 00000000 ____D C:\Users\Inspiron\AppData\LocalLow\BitTorrent
2016-08-11 09:43 - 2016-08-11 09:46 - 00000000 ____D C:\bac7f5bb78bcb9fc899310
2016-08-11 09:39 - 2016-08-11 09:43 - 00000000 ____D C:\c71cc2b192ee004ad0843fa77b986786
2016-08-10 20:58 - 2016-08-10 21:46 - 200197411 _____ C:\Users\Inspiron\Downloads\[www.VDyoutube.com]-{Exquisite} Intricated Arabic Mehndi Design Step-by-Step.mp4
2016-08-10 18:04 - 2016-08-10 18:06 - 11766994 _____ C:\Users\Inspiron\Downloads\[www.VDyoutube.com]-Malayalam Speech, AMLP School Kottappuram Anniversary DHANYAM 113.mp4
2016-08-10 18:00 - 2016-08-10 18:03 - 00000000 ____D C:\dd523ea236d35f57b9a27140b053
2016-08-10 14:19 - 2016-08-10 15:32 - 416212071 _____ C:\Users\Inspiron\Downloads\[www.VDyoutube.com]-Modern Indian Dubai Arabic Mehndi Design 2016(Mehndiartistica).mp4
2016-08-10 12:38 - 2016-08-10 13:30 - 171952729 _____ C:\Users\Inspiron\Downloads\[www.VDyoutube.com]-Pakistani Indo Arabic Mehndi Design-Mehendi For Upper Side(Full Hand).mp4
2016-08-10 12:25 - 2016-08-10 13:35 - 276245440 _____ C:\Users\Inspiron\Downloads\[www.VDyoutube.com]-Indo Arabic Dubai Henna Mehndi Style(2016 Best Wedding Mehandi Design).mp4
2016-08-09 17:54 - 2016-08-09 18:17 - 00000000 ____D C:\Users\Inspiron\Desktop\New folder
2016-08-09 12:37 - 2016-08-09 12:39 - 00000000 ____D C:\1ff3ae72d3b1cbd6eb174ee6211608fe
2016-08-09 12:34 - 2016-08-09 12:37 - 00000000 ____D C:\4526086530ca405681061a325fac
2016-08-07 19:47 - 2016-08-07 19:49 - 00000000 ____D C:\17181bb5a0fbd0040cccdb83a7989bb8
2016-08-07 19:44 - 2016-08-07 19:47 - 00000000 ____D C:\5f97c497455392643bcdb1f66a57144b
2016-08-05 15:28 - 2016-08-05 15:31 - 00000000 ____D C:\02f54e4a52bd776ca09c74
2016-08-05 15:26 - 2016-08-05 15:28 - 00000000 ____D C:\d7f1a3e8a4ea6889f33364571849a8a8
2016-08-05 15:06 - 2016-08-05 15:06 - 00000000 ____D C:\Users\Inspiron\AppData\Local\Avira
2016-08-04 17:30 - 2016-08-04 17:30 - 00000000 ____D C:\Users\Inspiron\AppData\Roaming\Microsoft FxCop
2016-08-04 17:11 - 2016-08-04 17:11 - 00000000 ____D C:\Users\Inspiron\Desktop\Cavalier Transaction Management
2016-08-04 13:56 - 2016-08-04 14:01 - 00000000 ____D C:\cfd26eaca20f93a9c4e70c3aac40a3a4
2016-08-04 13:19 - 2016-08-04 13:20 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\Inspiron\Downloads\avira_en_av_57a2fff981cd8__ws (1).exe
2016-08-04 11:46 - 2016-08-11 10:56 - 00000000 ____D C:\Program Files (x86)\Avira
2016-08-04 11:43 - 2016-08-04 11:45 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\Inspiron\Downloads\avira_en_av_57a2fff981cd8__ws.exe
2016-08-03 21:13 - 2016-08-04 17:39 - 00000000 ____D C:\Users\Inspiron\Documents\Visual Studio 2012
2016-08-03 21:10 - 2016-08-03 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-03 21:08 - 2016-08-03 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2016-08-03 21:08 - 2016-08-03 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2016-08-03 21:05 - 2016-08-03 21:05 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2016-08-03 21:05 - 2016-08-03 21:05 - 00000000 ____D C:\Program Files\Application Verifier
2016-08-03 21:05 - 2016-08-03 21:05 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2016-08-03 21:04 - 2016-08-03 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-08-03 21:03 - 2016-08-03 21:03 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-08-03 21:03 - 2016-08-03 21:03 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-03 21:03 - 2016-08-03 21:03 - 00000000 ____D C:\Program Files\MSBuild
2016-08-03 21:01 - 2016-08-03 21:02 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-08-03 21:01 - 2016-08-03 21:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-08-03 21:00 - 2016-08-03 21:00 - 00002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2016-08-03 21:00 - 2016-08-03 21:00 - 00000000 ____D C:\Program Files\IIS Express
2016-08-03 21:00 - 2016-08-03 21:00 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-08-03 20:58 - 2016-08-03 20:58 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-08-03 20:58 - 2016-08-03 20:58 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-08-03 20:57 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-08-03 20:56 - 2016-08-03 20:56 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-08-03 20:52 - 2016-08-03 20:52 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2016-08-03 20:51 - 2016-08-03 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-08-03 20:42 - 2016-08-03 20:55 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-08-03 20:41 - 2016-08-03 21:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-03 20:41 - 2016-08-03 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-03 20:36 - 2016-08-03 21:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-08-03 20:36 - 2016-08-03 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2016-08-03 20:36 - 2016-08-03 20:42 - 00000000 ____D C:\Windows\system32\1033
2016-08-03 20:36 - 2016-08-03 20:36 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0
2016-08-03 20:34 - 2016-08-16 20:09 - 00000000 ____D C:\Users\Inspiron\AppData\Local\Deployment
2016-08-03 20:34 - 2016-08-03 20:34 - 00000000 ____D C:\Users\Inspiron\AppData\Local\Apps\2.0
2016-08-03 20:00 - 2016-08-03 20:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2016-08-01 10:01 - 2016-08-01 12:17 - 00027301 _____ C:\Users\Inspiron\Desktop\districts-select-list.zip
2016-08-01 10:01 - 2016-08-01 10:01 - 00000000 ____D C:\Users\Inspiron\Desktop\districts-select-list
2016-07-26 13:19 - 2016-07-26 13:38 - 27712476 _____ C:\Users\Inspiron\Downloads\WhatsApp.apk
2016-07-22 19:37 - 2016-07-22 19:37 - 00003162 _____ C:\Windows\System32\Tasks\{712BE823-2A48-4B10-A158-456240FF8D5C}
2016-07-22 11:09 - 2016-08-18 17:36 - 00000000 ____D C:\ProgramData\FLEXnet
2016-07-22 10:56 - 2016-07-22 10:56 - 00000589 _____ C:\Users\Inspiron\Desktop\WampServer64.lnk
2016-07-22 10:56 - 2016-07-22 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2016-07-22 10:53 - 2016-07-22 10:56 - 00000000 ____D C:\wamp
2016-07-22 09:55 - 2016-07-22 09:55 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS3.lnk
2016-07-22 09:54 - 2016-07-22 09:54 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2016-07-22 09:54 - 2016-07-22 09:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-22 09:53 - 2016-07-22 09:53 - 00001205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS3.lnk
2016-07-22 09:52 - 2016-07-22 09:52 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2016-07-22 09:51 - 2016-07-22 09:51 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2016-07-22 09:47 - 2016-07-22 09:47 - 00000000 ____D C:\Users\Inspiron\Documents\Downloaded Installations
2016-07-21 17:35 - 2016-07-21 17:35 - 00001170 _____ C:\Users\Public\Desktop\Free Video Cutter Joiner.lnk
2016-07-21 17:35 - 2016-07-21 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia
2016-07-21 17:35 - 2016-07-21 17:35 - 00000000 ____D C:\Program Files\DVDVideoMedia
2016-07-21 17:31 - 2016-07-21 17:34 - 06427748 _____ (DVDVideoMedia, Inc. ) C:\Users\Inspiron\Downloads\freevideocutterjoiner (1).exe
2016-07-21 17:09 - 2016-07-21 17:11 - 04763176 _____ (globalpcworks.com ) C:\Users\Inspiron\Downloads\gpcwfhposcw.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-18 18:23 - 2015-12-25 10:36 - 00000000 ____D C:\Users\Inspiron\AppData\Roaming\BitTorrent
2016-08-18 18:16 - 2013-01-11 08:36 - 00000000 ____D C:\Users\Inspiron\AppData\Roaming\Skype
2016-08-18 18:14 - 2015-05-21 20:10 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1623263002-501616925-659852261-1001UA.job
2016-08-18 18:12 - 2013-01-13 21:07 - 00000950 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1623263002-501616925-659852261-1001UA.job
2016-08-18 18:01 - 2012-07-26 11:12 - 00000000 ____D C:\Windows\registration
2016-08-18 17:58 - 2013-04-13 13:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-18 17:48 - 2013-01-11 21:13 - 00000000 ____D C:\Users\Inspiron\AppData\Local\ElevatedDiagnostics
2016-08-18 17:42 - 2013-04-13 13:06 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-18 17:41 - 2012-07-26 10:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-18 17:40 - 2012-07-26 08:26 - 01048576 ___SH C:\Windows\system32\config\BBI
2016-08-18 17:39 - 2016-07-12 18:11 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-18 17:36 - 2016-05-29 21:07 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-18 17:36 - 2016-04-15 19:07 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-18 17:36 - 2015-07-06 19:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-18 17:34 - 2013-01-13 22:06 - 00000000 ____D C:\Users\Inspiron\AppData\Roaming\vlc
2016-08-18 17:33 - 2012-07-26 08:37 - 00000000 ____D C:\Windows\Inf
2016-08-18 12:08 - 2012-07-26 10:28 - 00853428 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-17 21:12 - 2013-01-13 21:07 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1623263002-501616925-659852261-1001Core.job
2016-08-16 19:04 - 2012-07-26 11:12 - 00000000 ____D C:\Windows\system32\NDF
2016-08-10 22:06 - 2016-06-17 16:02 - 00000000 ____D C:\Users\Inspiron\Documents\Youcam
2016-08-10 12:55 - 2012-12-23 03:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1623263002-501616925-659852261-1001
2016-08-09 17:56 - 2016-07-02 09:19 - 00000532 _____ C:\Windows\ODBC.INI
2016-08-09 13:11 - 2016-07-10 12:51 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1623263002-501616925-659852261-1001
2016-08-09 13:11 - 2015-10-03 16:31 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1623263002-501616925-659852261-1001
2016-08-09 13:07 - 2013-04-13 13:06 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 13:07 - 2013-04-13 13:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 11:27 - 2014-03-23 18:51 - 00000000 ____D C:\Program Files (x86)\Speed Test 127
2016-08-06 21:43 - 2016-07-15 14:53 - 00000000 ____D C:\Program Files\NetBeans 8.1
2016-08-06 21:43 - 2016-07-15 14:06 - 00000000 ____D C:\Users\Inspiron\.nbi
2016-08-06 21:42 - 2016-07-15 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2016-08-06 10:40 - 2016-07-12 17:46 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-05 15:03 - 2012-12-23 08:04 - 00427096 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-04 20:42 - 2016-07-03 12:30 - 00000000 ____D C:\Users\Inspiron\Desktop\Tally
2016-08-04 20:38 - 2012-07-26 11:12 - 00000000 ____D C:\Windows\rescache
2016-08-04 11:35 - 2016-07-02 13:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-03 21:10 - 2016-07-02 13:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-08-03 21:06 - 2016-07-02 13:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-08-03 21:06 - 2016-07-02 13:26 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-08-03 21:05 - 2012-07-26 11:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-03 21:00 - 2012-07-26 10:59 - 00000000 ____D C:\Windows\CbsTemp
2016-08-03 20:51 - 2012-12-24 11:40 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-03 20:35 - 2012-07-26 11:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-02 18:06 - 2013-05-14 20:09 - 00001368 _____ C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2016-07-31 21:38 - 2013-01-17 21:05 - 00000000 ____D C:\Users\Inspiron\AppData\Local\Adobe
2016-07-31 21:38 - 2012-12-23 03:36 - 00000000 ____D C:\Users\Inspiron\AppData\Roaming\Adobe
2016-07-29 10:53 - 2013-04-13 13:06 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 10:53 - 2013-04-13 13:06 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 07:14 - 2015-05-21 20:10 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1623263002-501616925-659852261-1001Core.job
2016-07-29 07:09 - 2015-05-21 20:10 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1623263002-501616925-659852261-1001UA
2016-07-29 07:09 - 2015-05-21 20:10 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1623263002-501616925-659852261-1001Core
2016-07-26 08:54 - 2016-05-27 07:07 - 00000000 ____D C:\Users\Inspiron\Desktop\prjct
2016-07-26 08:53 - 2016-07-15 15:20 - 00000000 ____D C:\Users\Inspiron\Desktop\db
2016-07-22 11:00 - 2016-07-13 09:31 - 00000000 ____D C:\bb154bb6a4008b87a2f6dbca
2016-07-22 11:00 - 2016-07-12 18:50 - 00000000 ____D C:\b247f85c1d9ab330bb813f
2016-07-22 09:54 - 2012-12-26 00:09 - 00000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2014-10-23 20:24 - 2014-10-23 20:24 - 6000640 _____ () C:\Program Files (x86)\GUT43AF.tmp
2014-11-15 19:46 - 2014-11-15 19:46 - 0000000 _____ () C:\Program Files (x86)\GUT8867.tmp
2014-06-18 20:02 - 2014-06-18 20:02 - 6010880 _____ () C:\Program Files (x86)\GUTFD3C.tmp
2010-09-22 02:00 - 2010-09-22 02:00 - 0002141 _____ () C:\Users\Inspiron\AppData\Roaming\CouponBoulle.b
2016-04-15 17:56 - 2016-04-15 17:56 - 0026960 _____ () C:\Users\Inspiron\AppData\Roaming\ICSW_0I0M0D1F2W1G1I1F1T1Q1P1CtJ1V0C1F1H1B1R1F1C1P.txt
1991-07-10 02:00 - 1991-07-10 02:00 - 0074841 _____ () C:\Users\Inspiron\AppData\Roaming\Midland.vhR
2012-12-26 11:11 - 2012-12-26 11:11 - 0000017 _____ () C:\Users\Inspiron\AppData\Local\resmon.resmoncfg
2012-07-26 05:06 - 2012-07-26 06:20 - 90855552 ___SH () C:\ProgramData\msjngmu.exe
2012-07-26 05:06 - 2012-07-26 06:20 - 100454016 ___SH () C:\ProgramData\mspntovl.exe
 
Files to move or delete:
====================
C:\ProgramData\msjngmu.exe
C:\ProgramData\mspntovl.exe
 
 
Some files in TEMP:
====================
C:\Users\Inspiron\AppData\Local\Temp\avgnt.exe
C:\Users\Inspiron\AppData\Local\Temp\cdo3935119952.dll
C:\Users\Inspiron\AppData\Local\Temp\ReimagePackage.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
 
LastRegBack: 2016-08-04 20:21
 
==================== End of FRST.txt ============================




#2 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 August 2016 - 09:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Inspiron\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BitTorrent Inc.) C:\Users\Inspiron\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
(BitTorrent Inc.) C:\Users\Inspiron\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Run: [BingSvc] => C:\Users\Inspiron\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mspntovl.exe <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F.lnk [2016-05-27]
ShortcutTarget: F.lnk -> C:\Users\Inspiron\AppData\Roaming\iiJwS7ZGkA.exe (No File)
Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2016-08-11]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={40287F67-BCB4-11E2-BE71-C018857BBF0A}
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {94978150-70BE-4604-B4AD-741799B102B8} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1779&systemid=406&v=a14976-230&apn_uid=4320678885604387&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {D881CA1E-BA44-4640-B943-DF2540200046} URL = hxxp://www.search.ask.com/web?tpid=RLTM-SP&o=APN11871&pf=V7&p2=^BZG^default1^YY^QA&gct=&itbv=12.29.0.212&apn_uid=D3B8943D-91A3-42F0-A433-3DEB8E792844&apn_ptnrs=BZG&apn_dtid=^default1^YY^QA&apn_dbr=cr_43.0.2357.130&doi=2015-07-06&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1623263002-501616925-659852261-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={40287F67-BCB4-11E2-BE71-C018857BBF0A}
BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll [2013-12-19] (BestOffers)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {d1dac034-9fd9-4c13-a388-d2e10e57707f} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll => No File
BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll [2013-12-19] (BestOffers)
BHO-x32: No Name -> {2977d8cc-8902-4340-be88-2c676bf96b8d} -> No File
BHO-x32: No Name -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> No File
BHO-x32: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {d1dac034-9fd9-4c13-a388-d2e10e57707f} -> No File
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll No File
Toolbar: HKLM-x32 - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} -  No File
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} -  No File
Toolbar: HKLM-x32 - No Name - {2977d8cc-8902-4340-be88-2c676bf96b8d} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox => not found
FF HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games 111 - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-03-23] [not signed]
FF HKU\S-1-5-21-1623263002-501616925-659852261-1001\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-03-23] [not signed]
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File
CHR Extension: (Search Manager) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-08-17]
CHR Extension: (Elite Unzip) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-03-29]
CHR Extension: (TelevisionFanatic) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfhkgkmljpbkafmkljgfmaokgcaiiee [2015-02-27]
CHR Extension: (FromDocToPDF) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-06-24]
CHR Extension: (iLivid) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-09-29]
CHR Extension: (Media Tab) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngohkfkfnacodpjjdnebidjggjhaolnb [2016-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1623263002-501616925-659852261-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Inspiron\AppData\Local\Torch\Plugins\TorchPlugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\RelevantKnowledge\rlcm.crx <not found>
"93668ef3edc76521" => service could not be unlocked. <===== ATTENTION
U5 93668ef3edc76521; C:\Windows\System32\Drivers\93668ef3edc76521.sys [73688 2016-05-27] () <===== ATTENTION Necurs Rootkit?
U5 93668ef3edc76521;  <===== ATTENTION: Locked Service
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Movies App\Datamngr\x64\setmgrc3.cfg [X]
C:\Users\Inspiron\AppData\Local\Microsoft\BingSvc
C:\ProgramData\mspntovl.exe
C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F.lnk
C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk
C:\Program Files (x86)\Speed Test 127
C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi 
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfhkgkmljpbkafmkljgfmaokgcaiiee
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngohkfkfnacodpjjdnebidjggjhaolnb
C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\ProgramData\msjngmu.exe
C:\ProgramData\mspntovl.exe
C:\Users\Inspiron\AppData\Local\Temp\cdo3935119952.dll
C:\Users\Inspiron\AppData\Local\Temp\ReimagePackage.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.

Include in your reply the Addition.txt file that was created by the Farbar tool.
I need to review it.



