speaker no sound, but microphone works, want to check laptop


  • This topic is locked
4 replies to this topic

#1 duke777

Posted 13 August 2017 - 09:48 AM

Hi,

I want to check my laptop.

Here is the scan for Farbar.

FRST log
==========

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by User (administrator) on USER-PC (13-08-2017 22:39:49)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-04-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [919032 2017-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-664299353-2952846175-1313134647-1000\...\MountPoints2: {2d6f35f6-530e-11e7-8b30-e4d53df78aaa} - F:\idstick.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A1DB908C-3F82-479A-A3BC-9DC52D774CB8}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-664299353-2952846175-1313134647-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-06] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m49ujg2a.default [2017-07-27]
FF Extension: (Avira Browser Safety) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m49ujg2a.default\Extensions\abs@avira.com [2016-10-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_42.dll [2016-10-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_42.dll [2016-10-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.709 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-03-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.709 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-03-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://movix.eanswers.com/search/?category=web&s=nmds&vert=movies&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nJoyMovies Search
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-14]
CHR Extension: (Friendly Print Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciiagihjnceooeicjijdnmhpdhlahmao [2017-03-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-13]
CHR Extension: (Who.int Change Club) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdpklfpiodaekcpiffibgemhnmhcgiio [2017-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-14]
CHR Extension: (nJoyMovies Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccdclcdkgpcjmlmkolnjjmjplckbedi [2017-03-25]
CHR Extension: (Cm to inch) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngjcoieobagcphledjgjnndhcjimglbb [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (File Url of SingleFile) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiafdhffhninaglgfehepfejiilnhfip [2017-05-27]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1525240 2017-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-04-14] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-15] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [189256 2017-08-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-27] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [22712 2015-02-26] (ELAN Microelectronic Corp.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-04-14] (Synaptics Incorporated)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [551936 2013-12-05] (IDT, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-13 22:39 - 2017-08-13 22:40 - 000012672 _____ C:\Users\User\Desktop\FRST.txt
2017-08-13 22:39 - 2017-08-13 22:39 - 000000000 ____D C:\FRST
2017-08-13 22:37 - 2017-08-13 22:38 - 002395648 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-08-13 21:25 - 2017-08-13 21:25 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-08-13 16:40 - 2017-08-13 16:40 - 541630495 _____ C:\Users\User\Desktop\(Hdvidz.in)_MOOL-MANTRA-CHANTS--IK-ONKAR-SATNAM---VERY-POWERFUL--.mp4
2017-08-13 15:10 - 2017-08-13 16:40 - 541630495 _____ C:\Users\User\Downloads\(Hdvidz.in)_MOOL-MANTRA-CHANTS--IK-ONKAR-SATNAM---VERY-POWERFUL--.mp4
2017-08-13 11:52 - 2017-08-13 12:07 - 079231782 _____ C:\Users\User\Downloads\(Hdvidz.in)_MOOL-MANTRA-CHANTS--IK-ONKAR-SATNAM---VERY-POWERFUL--.mp4.crdownload
2017-08-05 21:47 - 2017-08-05 21:57 - 022409454 _____ C:\Users\User\Downloads\Zara_Sa_-_Jannat(TinyJuke.com).mp4
2017-08-05 21:47 - 2017-08-05 21:52 - 014176516 _____ C:\Users\User\Downloads\Haan_Tu_Hain_-_Jannat(TinyJuke.com).mp4
2017-08-05 21:39 - 2017-08-05 21:47 - 011176868 _____ C:\Users\User\Downloads\Doori_Na_Rahe_Koi_-_Kartavya(TinyJuke.com).mp4
2017-08-05 20:12 - 2017-08-05 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-08-02 21:10 - 2017-08-02 21:10 - 000142441 _____ C:\Users\User\Downloads\Surup_style_book (2).pdf
2017-08-01 22:21 - 2017-08-01 22:21 - 000019538 _____ C:\Users\User\Desktop\IMG-20170801-WA0066.rar
2017-07-31 09:17 - 2017-07-31 09:34 - 018591982 _____ C:\Users\User\Downloads\Tumhain_Dekhain_Meri_Aankhein_-_Rang(TinyJuke.com).mp4
2017-07-31 09:16 - 2017-07-31 09:37 - 028733647 _____ C:\Users\User\Downloads\Kahin_Mujhe_Pyar_Hua_To_-_Rang(TinyJuke.com).mp4
2017-07-31 09:16 - 2017-07-31 09:35 - 013568117 _____ C:\Users\User\Downloads\Dil_Cheer_Ke_Dekh_-_Rang(TinyJuke.com).mp4
2017-07-31 09:16 - 2017-07-31 09:26 - 059810068 _____ C:\Users\User\Downloads\Teri Mohabbat Ne Dil Mein   Rang hd 720p  @ RAZA MOBILE QUETTA - TinyJuke.co.mp4
2017-07-30 21:28 - 2017-07-30 21:40 - 021893522 _____ C:\Users\User\Downloads\Hum_Tum_-_Rang(TinyJuke.com).mp4
2017-07-30 21:26 - 2017-07-30 21:40 - 027457173 _____ C:\Users\User\Downloads\Tujhe_Na_Dekhoon_To_-_Rang(TinyJuke.com).mp4
2017-07-30 21:02 - 2017-07-30 21:22 - 009670332 _____ C:\Users\User\Downloads\Mujhe_Mat_Roko_-_Gangster(TinyJuke.com).mp4
2017-07-30 21:02 - 2017-07-30 21:19 - 009230606 _____ C:\Users\User\Downloads\Bheegi_Bheegi_-_Gangster(TinyJuke.com).mp4
2017-07-30 21:02 - 2017-07-30 21:13 - 044717484 _____ C:\Users\User\Downloads\Ya Ali By Ambili - Reprised - Movie - Gangster - New Video Song - TinyJuke.co.mp4
2017-07-30 21:01 - 2017-07-30 21:27 - 018800648 _____ C:\Users\User\Downloads\Tu_Hi_Meri_Shab_hai_-_Gangster(TinyJuke.com).mp4
2017-07-30 21:01 - 2017-07-30 21:23 - 019396993 _____ C:\Users\User\Downloads\Lamha_Lamha_-_Gangster(TinyJuke.com).mp4
2017-07-30 21:00 - 2017-07-30 21:34 - 022544172 _____ C:\Users\User\Downloads\Ya_Ali_-_Gangster(TinyJuke.com).mp4
2017-07-24 11:04 - 2017-07-24 11:04 - 000637265 _____ C:\Users\User\Downloads\Fwd%253a (2).zip
2017-07-24 11:04 - 2017-07-24 11:04 - 000637265 _____ C:\Users\User\Desktop\Fwd%253a (2).zip
2017-07-22 18:14 - 2017-07-22 18:14 - 000637265 _____ C:\Users\User\Downloads\Fwd%253a (1).zip
2017-07-22 18:02 - 2017-07-22 18:02 - 000637265 _____ C:\Users\User\Downloads\Fwd%253a.zip
2017-07-19 14:13 - 2017-08-02 21:43 - 000000000 ____D C:\Users\User\Documents\Outlook Files
2017-07-19 13:42 - 2017-07-19 13:41 - 001792325 _____ C:\Users\User\Desktop\Surup_style_book (1).pdf
2017-07-19 13:41 - 2017-07-19 13:41 - 001792325 _____ C:\Users\User\Downloads\Surup_style_book (1).pdf
2017-07-19 00:52 - 2017-07-19 01:18 - 052463470 _____ C:\Users\User\Downloads\Beech Beech Mein (Jab Harry Met Sejal) 1080p-(Mastimusic.in) (1).mp4.crdownload
2017-07-19 00:52 - 2017-07-19 01:18 - 038723060 _____ C:\Users\User\Downloads\Beech Beech Mein (Jab Harry Met Sejal) 1080p-(Mastimusic.in) (2).mp4.crdownload
2017-07-19 00:52 - 2017-07-19 01:15 - 058262294 _____ C:\Users\User\Downloads\Beech Beech Mein (Jab Harry Met Sejal) 1080p-(Mastimusic.in).mp4
2017-07-19 00:31 - 2017-07-19 00:41 - 009666950 _____ C:\Users\User\Downloads\Rain (Jab Harry Met Sejal)-(Mastimusic.in).mp4
2017-07-19 00:29 - 2017-07-19 00:34 - 004655097 _____ C:\Users\User\Downloads\Afsana Tera Mera Chatkare Wala Beech Beech Mein-(Mastimusic.in).3gp
2017-07-19 00:27 - 2017-07-19 00:44 - 021868953 _____ C:\Users\User\Downloads\Butterfly (Jab Harry Met Sejal) Sharukh Khan n Anushka Sharma HD-(Mastimusic.in).mp4
2017-07-19 00:26 - 2017-07-19 00:49 - 039489453 _____ C:\Users\User\Downloads\SAFAR - Jab Harry Met Sejal Female Version by (Suprabha KV) 720p-(Mastimusic.in).mp4
2017-07-19 00:18 - 2017-07-19 00:25 - 007212267 _____ C:\Users\User\Downloads\Mein Bani Teri Radha (Jab Harry Met Sejal)-(Mastimusic.in).3gp
2017-07-18 23:13 - 2017-07-18 23:34 - 024196800 _____ C:\Users\User\Downloads\Billo - Mika Singh (HD 720p).mp4
2017-07-18 23:13 - 2017-07-18 23:32 - 057456733 _____ C:\Users\User\Downloads\Billo - Mika Singh Full HD(videoming).mp4
2017-07-15 10:17 - 2017-07-15 10:17 - 000000007 _____ C:\Users\User\Downloads\IMG_7393.html
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-13 22:27 - 2009-07-14 12:45 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-13 22:27 - 2009-07-14 12:45 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-13 22:24 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-13 22:24 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-08-13 22:20 - 2016-10-13 17:18 - 000151552 _____ C:\Windows\KMSEmulator.exe
2017-08-13 22:20 - 2016-10-13 17:18 - 000002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2017-08-13 22:20 - 2016-10-13 17:18 - 000000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2017-08-13 22:20 - 2016-10-13 17:18 - 000000214 _____ C:\Windows\Tasks\AutoKMS.job
2017-08-13 22:19 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-13 21:48 - 2016-10-13 17:11 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-08-09 22:24 - 2009-07-14 13:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-08 21:30 - 2016-10-13 16:45 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 21:30 - 2016-10-13 16:45 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-05 22:06 - 2016-10-13 17:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Avira
2017-08-05 20:10 - 2016-10-13 17:20 - 000189256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-08-05 20:10 - 2016-10-13 17:20 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
 
Some files in TEMP:
====================
2016-10-13 17:21 - 2016-10-13 17:22 - 000000000 ____D () C:\Users\User\AppData\Local\Temp\avgnt.exe
2013-06-25 01:19 - 2013-06-25 01:19 - 002380752 _____ (Mooii) C:\Users\User\AppData\Local\Temp\GoogleSetup.exe
2017-05-09 18:15 - 2017-05-09 18:15 - 047472744 _____ (Google Inc.) C:\Users\User\AppData\Local\Temp\{826731B7-694E-44B9-A22A-FE9E50642214}-58.0.3029.110_chrome_installer.exe
2017-05-09 18:15 - 2017-05-09 18:15 - 047472744 _____ (Google Inc.) C:\Users\User\AppData\Local\Temp\{C50ABDD4-61A7-4B7C-8F02-1E014E3BA8A4}-58.0.3029.110_chrome_installer.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-13 15:28
 
==================== End of FRST.txt ============================
 
Addition log
==========
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by User (13-08-2017 22:40:34)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-10-13 08:23:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-664299353-2952846175-1313134647-500 - Administrator - Disabled)
Guest (S-1-5-21-664299353-2952846175-1313134647-501 - Limited - Disabled)
User (S-1-5-21-664299353-2952846175-1313134647-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.42 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.29.32 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
K-Lite Mega Codec Pack 5.8.3 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.8.3 - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.60 - Synaptics Incorporated)
VLC media player 1.3.0-git-20120114-0011 (HKLM-x32\...\VLC media player) (Version: 1.3.0-git-20120114-0011 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-08-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-27] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-08-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03847FD9-EA37-4527-A986-34B154E5C9F2} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2016-10-13] ()
Task: {2C3C3AD5-6D76-4CBC-A19F-AA1C29C463A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-23] (Piriform Ltd)
Task: {A6C24807-8590-4BDD-9F2B-9FBAAFFBB16B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-10-13] ()
Task: {A8F77F6B-C70E-4C1A-8FE0-6DD665F57EF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {B016667E-E73E-4349-ABAF-2DFF642CFF76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-13 16:45 - 2005-06-07 12:26 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-10-13 17:00 - 2015-05-27 01:50 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-08-08 21:30 - 2017-08-02 15:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 21:30 - 2017-08-02 15:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-664299353-2952846175-1313134647-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: wuauserv => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{722827DA-7667-486A-AE32-72DEBAA0F071}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{9AA08593-050A-4A13-BE66-E0CD51EF363E}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{F8225095-E1F6-4661-A572-82B4D2C76430}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E2CB6B0-D1F5-489E-97C6-D1C49B8647C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56BD558B-F3A1-40ED-8B46-8CD7497326E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-06-2017 19:08:01 Scheduled Checkpoint
24-07-2017 09:29:09 Scheduled Checkpoint
03-08-2017 21:36:52 Scheduled Checkpoint
13-08-2017 16:17:26 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/13/2017 10:20:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 10:00:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 09:45:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 09:14:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 06:32:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 03:06:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 11:44:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 10:00:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/12/2017 09:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/11/2017 10:22:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (08/13/2017 10:07:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/13/2017 09:59:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/13/2017 09:44:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/13/2017 04:42:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/13/2017 12:07:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/12/2017 09:35:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/11/2017 09:48:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/10/2017 09:44:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/09/2017 11:32:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (08/09/2017 10:32:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 4043.86 MB
Available physical RAM: 1896.46 MB
Total Virtual: 8085.92 MB
Available Virtual: 5554.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:200 GB) (Free:119.41 GB) NTFS
Drive d: (DATA) (Fixed) (Total:265.66 GB) (Free:19.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1F9951F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 37,034 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 August 2017 - 12:38 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR DefaultSearchURL: Default -> hxxp://movix.eanswers.com/search/?category=web&s=nmds&vert=movies&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
Task: {03847FD9-EA37-4527-A986-34B154E5C9F2} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2016-10-13] ()
Task: {A6C24807-8590-4BDD-9F2B-9FBAAFFBB16B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-10-13] ()
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [TCP Query User{722827DA-7667-486A-AE32-72DEBAA0F071}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{9AA08593-050A-4A13-BE66-E0CD51EF363E}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\Windows\AutoKMS

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists please run this check.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

#3 duke777

duke777
  • Topic Starter

  • Members
  • 6 posts

Posted 13 August 2017 - 10:02 PM

The problem is still there. I already downloaded a new sound driver and updated my Windows 7.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 37,034 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 August 2017 - 07:57 AM

Hi,

Navigate to this page.
http://www.pcgamer.com/the-most-frustrating-windows-7-audio-problem-solved/

Look at this section
You can check this by opening up Regedit and going to HkeyLocalMachine>Software>Microsoft>Windows>CurrentVersion>MMDevices>Audio>Renderer and right clicking any of the keys in this stack. In the Permissions tab of the properties dialogue, there should be a user called 'AudioEndpointBuilder' and another one called 'Audioserv'. If they aren't present, something has gone awry.

See the image shown on the topic.

DO NOT do anything else just let me know if these 2 entries are listed.

p.s.
As this is not caused by malware and not my forte, feel free to start a new topic in the Windows 7 forum.
An expert with that Operating System may have a simpler solution.
https://www.bleepingcomputer.com/forums/f/167/windows-7/

Keep me posted.

#5 duke777

duke777
  • Topic Starter

  • Members
  • 6 posts

Posted 15 August 2017 - 01:35 AM

Yes, the 2 entries are there. I just formatted and reinstalled Windows 7, but the problem is still there. Already posted in the Win 7 forum.





