Laptop too slow - Google Chrome Infected [Solved]

chrome infected pop-up processes slow streaming browsing


#1
micalparkz


Hi,

I am back at Geeks to Go after many years, since I remember you guys helped me when I got infected with a virus; I was probably in my early 20s then, and am now in my late 20s.

I have an HP Pavilion G6 with a 64-bit operating system: Windows 7 Home Premium Service Pack 1.

Symptoms

- The computer has generally become really slow. It takes time to open applications and scroll through windows.

- Internet browsing is extremely slow and dead at times, though there is no issue with Internet speed. Websites take time to load and I keep hearing loading tick sounds. Moreover, once a website is open, it is extremely slow to navigate and scroll up and down through it.

- The main issue is streaming; websites like Dailymotion/YouTube take ages to load. The buffering is extremely slow and many times the windows freeze. Moreover, while buffering, at times I hear only the sound whereas the video remains frozen.

- At times during browsing or while playing Dailymotion, windows moves to another popup window (ad based) and the previous screen closes. That was when I thought there was some issue with malware/spyware affecting my computer.

Efforts so far

- AVG anti virus

- Iorbit malware cleaner

- Cache Cleaner

Logs

This is the second time I am writing my post. The last time I wrote it, while I was pasting my logs, the windows froze. I tried several times but it didn't work. So this time I have attached my logs below (I hope you can see them and help, as I am really unable to paste the data in logs).

I am really looking forward to your kind help. Thanks in advance.


#2
micalparkz

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Muneeb Khan Lodhi at 2015-05-18 20:47:17
Running from C:\Users\Muneeb Khan Lodhi\Desktop\Malware Removal Geekstogo
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2238753014-2711977962-2677134643-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2238753014-2711977962-2677134643-1007 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-2238753014-2711977962-2677134643-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2238753014-2711977962-2677134643-1006 - Limited - Enabled)
Muneeb Khan Lodhi (S-1-5-21-2238753014-2711977962-2677134643-1001 - Administrator - Enabled) => C:\Users\Muneeb Khan Lodhi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Hotspot Shield 3.25 (HKLM-x32\...\HotspotShield) (Version: 3.25 - AnchorFree Inc.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
RadioRage Internet Explorer Toolbar (HKLM-x32\...\RadioRage_4jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spotflux (HKLM-x32\...\Spotflux) (Version: 2.9.20 - Spotflux)
SteadyVideoIE (HKLM-x32\...\{40A03BEA-447B-4B3B-8AA0-6C4160C4D4DC}) (Version: 1.0.0 - AMD)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tixati (HKLM-x32\...\tixati) (Version:  - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
YouTube Free Downloader (HKLM-x32\...\YouTube Free Downloader) (Version: 4.3.1 - YouTubeFreeDownloader)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-04-2015 05:16:24 Windows Update
02-05-2015 05:25:43 Windows Update
03-05-2015 19:26:02 Driver Booster : AMD High Definition Audio Device
15-05-2015 23:15:56 Software Removal Tool
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0091F4CA-034E-4604-B5FF-80AAC9320782} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {21E3E29C-E512-4C98-A90B-811678578D2E} - System32\Tasks\{15E9BB29-D3C9-4E7F-A4E6-E79B754ED583} => pcalua.exe -a "C:\D drive data\Games\AOE Conquerors\age2upa.exe" -d "C:\D drive data\Games\AOE Conquerors"
Task: {499370D1-4FCE-4D5F-9485-145F95A88F3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4C6D3412-8AC7-4C38-8E31-7842B3E44FB2} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {4F19AD43-CBBA-4B1B-A89C-56D470B82439} - System32\Tasks\ASC8_SkipUac_Muneeb Khan Lodhi => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
Task: {51807BB2-7FBD-4A3C-9BDC-E99DC2718F7E} - System32\Tasks\launchspotflux => C:\Program Files (x86)\Spotflux\spotflux.exe [2014-01-21] ()
Task: {5E11588C-ADCC-41A9-96A6-03FE0C49F520} - System32\Tasks\{C25B728D-27ED-4FCE-BC81-F5652A1821E8} => pcalua.exe -a "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\SETUPREG.EXE" -d "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game"
Task: {75203684-393F-4305-8E3A-777E5E849EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {8029C3F6-06F8-4FAB-A18E-CBFC5FBFFD66} - System32\Tasks\{8F7139A5-3408-45BC-A64E-672623AEA322} => pcalua.exe -a G:\aocsetup.exe -d G:\ -c /autorun
Task: {842C8930-F477-417A-AD8D-678092DCDB9D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-29] (CyberLink)
Task: {8C4417BD-F630-499D-BF04-ACAEBACCED52} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
Task: {A0C6FA4E-CC45-418D-91BF-EB0E5102715B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-24] (Piriform Ltd)
Task: {A890C0CF-D5AE-4980-BCA2-2BB39748616B} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {AD89180E-985B-417B-A035-6070B79BA138} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {B4626FA9-8A95-4462-83B0-A95ADF723175} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-03-30] (IObit)
Task: {B96F40CB-06C1-40C9-94D4-CE4926857532} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Muneeb Khan Lodhi\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {C00F1C2D-89BF-4AEA-9F08-F1B86CAD0C96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {C8C901D8-D4E6-4AA8-9FFC-13B4E6175968} - System32\Tasks\Uninstaller_SkipUac_Muneeb_Khan_Lodhi => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {D96F5CD0-8EBE-47CA-8505-C9C6EF5F643F} - System32\Tasks\Driver Booster SkipUAC (Muneeb Khan Lodhi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-04-07] (IObit)
Task: {F6C06142-D2CD-4360-804C-00A92293AB52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-20] (AVAST Software)
Task: {F7412D54-49AC-4273-92E0-CF202B2BE78B} - System32\Tasks\{42074EA0-2F27-44EB-BAA2-CE6DE674B649} => pcalua.exe -a "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\uninstall.exe" -d "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-28 23:19 - 2011-09-28 23:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-15 10:35 - 2014-03-15 10:35 - 00555304 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2011-03-17 10:07 - 2011-03-17 10:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:23 - 2010-10-21 01:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-03 19:22 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-05-18 03:33 - 2015-05-18 03:33 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051701\algo.dll
2015-05-18 19:52 - 2015-05-18 19:52 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051800\algo.dll
2015-05-03 18:19 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2014-03-20 04:38 - 2014-03-20 04:38 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-03-20 07:46 - 2014-03-20 07:46 - 00381224 _____ () C:\Program Files (x86)\Hotspot Shield\bin\cmwarchplugin.dll
2014-03-20 03:48 - 2014-03-20 03:48 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2014-03-21 01:04 - 2014-01-04 00:45 - 02927360 ____N () C:\Windows\wweb32.dll
2014-03-21 01:04 - 2013-05-21 02:32 - 00581480 ____N () C:\Program Files (x86)\WordWeb\wwextdb.dll
2011-03-17 10:11 - 2011-03-17 10:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:45 - 2010-10-21 01:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-26 11:29 - 2012-10-22 21:21 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2013-01-26 11:29 - 2012-07-10 03:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2013-01-26 11:29 - 2011-12-07 02:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2013-01-26 11:29 - 2012-03-23 20:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
2014-05-20 15:01 - 2014-05-20 15:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-03 19:23 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-05-03 19:23 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-05-03 19:23 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-05-16 10:52 - 2015-05-05 14:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2014-10-28 07:58 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-28 07:58 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Muneeb Khan Lodhi\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 4.2.2.1 - 4.2.2.2
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Muneeb Khan Lodhi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk => C:\Windows\pss\LaunchU3.exe.lnk.Startup
MSCONFIG\startupreg: Ad Arrest => C:\Program Files (x86)\Ad Arrest IE Popup Killer\adarrest.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3282698\plugins\TBVerifier.dll",RunConduitFloatingPlugin giolhomkcooifelkdfpejhidfidaahlc
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~1\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: VideoDownloadToolbar => "C:\Users\Muneeb Khan Lodhi\AppData\Roaming\VideoDownloadToolbar\VideoDownloadToolbar.exe" cmd=vdt_autorun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{CD8B3301-C5E8-4319-8E9F-C73CCF354698}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE0995DA-699D-4BE0-A7A0-E82020B5A25F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CB7CD860-C4B1-4657-8280-9CA7C4A3B131}] => (Allow) LPort=2869
FirewallRules: [{B94A7292-BCF5-4935-A648-AD9D6A09A6F5}] => (Allow) LPort=1900
FirewallRules: [{72EA8F5E-A93A-4465-878A-AC364C1794E0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0E65082C-A64C-4B66-9257-689BF538B64A}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{EFF791D3-8243-4912-8DD5-E4620AC6D597}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{E873CC54-F838-412E-A22F-55ED14C1C615}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BEE06A59-437D-457C-AAAC-D4FF07193C92}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BC4AA6AD-B763-4292-A151-D2C9D192DB9D}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{27327A2C-4A64-4216-9E8F-6133CBAF3B37}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{49C882B5-5B6B-43F1-BFDE-C3C8CDA9B663}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe
FirewallRules: [UDP Query User{625F29DD-EED7-4B97-8474-A012CCC86564}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe
FirewallRules: [TCP Query User{39EAE9C0-6D4E-40F6-8BBA-654395712159}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{79898DF5-9520-4371-B552-BA3DACD7D267}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe
FirewallRules: [{A577B8D2-256E-4A19-8D36-6CD2C4D8A155}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3EDE0C3-CC0A-4CAC-AC61-FD662C1683FB}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{103D5D20-4163-49A2-833D-2BD55EF321A1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{776DFA62-4F5E-41C6-A184-E0B95A9818CE}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{4D81310F-BFB8-483F-84EB-5030233D04C9}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{CF5DF66D-65EB-4B53-812D-4E7C4BD08C15}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{9F98BDFB-F683-42DD-A90D-99BC0C538838}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{29707835-1367-4AF4-8CFB-85258DDB2EE4}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{463D4FE8-2265-447E-9273-C5F8B5791CED}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E7BC5588-BDA4-46D6-9CA6-D88F818A5C06}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{4253A92D-E492-4880-92CF-F7B3E522802F}C:\d drive data\games\aoe conquerors\age2_x1.exe] => (Allow) C:\d drive data\games\aoe conquerors\age2_x1.exe
FirewallRules: [UDP Query User{DD1635AB-5534-4285-86A8-CA3DD4557EDD}C:\d drive data\games\aoe conquerors\age2_x1.exe] => (Allow) C:\d drive data\games\aoe conquerors\age2_x1.exe
FirewallRules: [{967567C5-AE00-4CCD-9796-F17A05709AC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{811A13AF-BB51-446E-B5CC-B0C8EC620D3C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{3B70B559-ABB7-45C8-9779-BC41419E5EB1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{A6C021BB-7E13-4A41-B935-72D3C2F99373}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{7C44C4C5-8BBD-454F-B2E3-49EF95F95E7B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/18/2015 08:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: bcryptprimitives.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c4f0
Exception code: 0xc0000005
Fault offset: 0x0000000000007a94
Faulting process id: 0xd70
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (05/18/2015 07:50:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 07:47:47 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/18/2015 07:47:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PanProcess.exe, version: 1.0.1.2, time stamp: 0x506004cc
Faulting module name: PanStreamer.dll, version: 2.0.6.37, time stamp: 0x509b1d60
Exception code: 0xc0000005
Fault offset: 0x0001dc74
Faulting process id: 0x1220
Faulting application start time: 0xPanProcess.exe0
Faulting application path: PanProcess.exe1
Faulting module path: PanProcess.exe2
Report Id: PanProcess.exe3
 
Error: (05/15/2015 11:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 11:43:29 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (05/15/2015 11:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 11:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 11:22:41 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/15/2015 10:52:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/18/2015 07:49:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/15/2015 11:46:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/15/2015 11:46:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:45:24 on ‎15/‎05/‎2015 was unexpected.
 
Error: (05/15/2015 11:33:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/15/2015 11:33:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:32:23 on ‎15/‎05/‎2015 was unexpected.
 
Error: (05/15/2015 11:23:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/15/2015 10:50:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/14/2015 09:01:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/13/2015 07:32:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/12/2015 09:09:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
Error: (05/18/2015 08:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4bcryptprimitives.dll6.1.7601.175144ce7c4f0c00000050000000000007a94d7001d0914ffe21ca0eC:\Windows\Explorer.EXEC:\Windows\system32\bcryptprimitives.dll5768dd62-fd48-11e4-b93e-a0b3cc6a6f9f
 
Error: (05/18/2015 07:50:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 07:47:47 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/18/2015 07:47:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PanProcess.exe1.0.1.2506004ccPanStreamer.dll2.0.6.37509b1d60c00000050001dc74122001d08f15c0a07257C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exeC:\Program Files (x86)\PANDORA.TV\PanService\PanStreamer.dll5801d74a-fcde-11e4-9aa6-a0b3cc6a6f9f
 
Error: (05/15/2015 11:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 11:43:29 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (05/15/2015 11:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 11:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 11:22:41 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/15/2015 10:52:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-3000M APU with Radeon™ HD Graphics
Percentage of memory in use: 57%
Total physical RAM: 3561.41 MB
Available physical RAM: 1515.53 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 4335.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.79 GB) (Free:173.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.81 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BBEEB5FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

#3
micalparkz

    Member

  • Topic Starter
  • 128 posts

Hi

 

Do the topics here go unnoticed?

 

In case I should post again?  :upset:

 

I am still unable to post the FRST file due to its huge size, I guess.

 

Thanks


#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Sorry for the slight delay. Please do the following.

 

Step#1 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#3 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. AdwCleaner log

2. Junkware log
3. FRST and Addition logs


#5
micalparkz

    Member

  • Topic Starter
  • 128 posts

Hi Brian..

 

Many Thanks for replying.

 

The logs are as follows :

 

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 22:25:16
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Muneeb Khan Lodhi - MUNEEBKHANLODHI
# Running from : C:\Users\Muneeb Khan Lodhi\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : hshld
[#] Service Deleted : PanService
[#] Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Program Files (x86)\RadioRage_4j
Folder Deleted : C:\Users\Muneeb Khan Lodhi\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2
Folder Deleted : C:\Users\Muneeb Khan Lodhi\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Muneeb Khan Lodhi\AppData\Roaming\OpenCandy
File Deleted : C:\END
 
***** [ Scheduled tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\giolhomkcooifelkdfpejhidfidaahlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\giolhomkcooifelkdfpejhidfidaahlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44db423d-a0db-4664-9477-ccdceb7cd666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-cf81-410c-9c1c-321c7e067816}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a25aa6e2-1cde-4d0f-a5d4-4898d7fb3c86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5c9cb1c-1c0a-45a2-81cc-1dd342d0a478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a661d4dc-4bd8-48fc-964b-a24ab8157de6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{05aceb2e-e4f4-4a9c-aa08-85b17d677af6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E1AA69FC-FAEF-4C30-8A70-229B05AC4029}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05aceb2e-e4f4-4a9c-aa08-85b17d677af6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\RadioRage_4j
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\RadioRage_4j
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\RadioRage_4j
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Internet Explorer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v42.0.2311.152
 
[C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : giolhomkcooifelkdfpejhidfidaahlc
[C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ffdcfjdljhbehggjdkdioajnknjcpbjb
 
*************************
 
AdwCleaner[R0].txt - [6788 bytes] - [20/05/2015 21:43:04]
AdwCleaner[R1].txt - [7527 bytes] - [20/05/2015 21:57:28]
AdwCleaner[S0].txt - [6470 bytes] - [20/05/2015 22:25:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6529  bytes] ##########
 
 
 
I will post the others in separate messages.

#6
micalparkz

    Member

  • Topic Starter
  • 128 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.5 (05.20.2015:1)
OS: Windows 7 Home Premium x64
Ran by Muneeb Khan Lodhi on 20/05/2015 at 22:35:00.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Muneeb Khan Lodhi)
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Update
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5848763c-2668-44ca-adbe-2999a6ee2858}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2ACF4780-DE83-4A12-8212-F5DCC4EF7259}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1AA69FC-FAEF-4C30-8A70-229B05AC4029}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5848763c-2668-44ca-adbe-2999a6ee2858}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5848763c-2668-44ca-adbe-2999a6ee2858}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf
Successfully deleted: [File] C:\users\public\desktop\hotspot shield.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Muneeb Khan Lodhi\appdata\local\{E64535A8-D2EC-4ED7-A68D-9023E7C4645E}
Successfully deleted: [Empty Folder] C:\Users\Muneeb Khan Lodhi\appdata\local\{F4C564FF-748A-4753-A1FF-17DD42B56FF2}
Successfully deleted: [Empty Folder] C:\Users\Muneeb Khan Lodhi\appdata\local\{F6421759-4C46-4E4F-9A3E-FCA3A664FCFD}
Successfully deleted: [Empty Folder] C:\Users\Muneeb Khan Lodhi\appdata\local\{F69709E6-0C1C-42B5-9A54-6AD930BD8FD5}
Successfully deleted: [Empty Folder] C:\Users\Muneeb Khan Lodhi\appdata\local\{FE0D0404-0E79-42DD-9138-FE21377A8A2A}
Successfully deleted: [Empty Folder] C:\Users\Muneeb Khan Lodhi\appdata\local\{FEED04A3-4C6F-47FC-95A2-F355AA7EAF02}
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/05/2015 at 22:46:18.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7
micalparkz

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Muneeb Khan Lodhi at 2015-05-20 23:00:59
Running from C:\Users\Muneeb Khan Lodhi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2238753014-2711977962-2677134643-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2238753014-2711977962-2677134643-1007 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-2238753014-2711977962-2677134643-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2238753014-2711977962-2677134643-1006 - Limited - Enabled)
Muneeb Khan Lodhi (S-1-5-21-2238753014-2711977962-2677134643-1001 - Administrator - Enabled) => C:\Users\Muneeb Khan Lodhi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Hotspot Shield 3.25 (HKLM-x32\...\HotspotShield) (Version: 3.25 - AnchorFree Inc.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spotflux (HKLM-x32\...\Spotflux) (Version: 2.9.20 - Spotflux)
SteadyVideoIE (HKLM-x32\...\{40A03BEA-447B-4B3B-8AA0-6C4160C4D4DC}) (Version: 1.0.0 - AMD)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tixati (HKLM-x32\...\tixati) (Version:  - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
YouTube Free Downloader (HKLM-x32\...\YouTube Free Downloader) (Version: 4.3.1 - YouTubeFreeDownloader)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-04-2015 05:16:24 Windows Update
02-05-2015 05:25:43 Windows Update
03-05-2015 19:26:02 Driver Booster : AMD High Definition Audio Device
15-05-2015 23:15:56 Software Removal Tool
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0091F4CA-034E-4604-B5FF-80AAC9320782} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {21E3E29C-E512-4C98-A90B-811678578D2E} - System32\Tasks\{15E9BB29-D3C9-4E7F-A4E6-E79B754ED583} => pcalua.exe -a "C:\D drive data\Games\AOE Conquerors\age2upa.exe" -d "C:\D drive data\Games\AOE Conquerors"
Task: {499370D1-4FCE-4D5F-9485-145F95A88F3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4C6D3412-8AC7-4C38-8E31-7842B3E44FB2} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {4F19AD43-CBBA-4B1B-A89C-56D470B82439} - System32\Tasks\ASC8_SkipUac_Muneeb Khan Lodhi => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
Task: {51807BB2-7FBD-4A3C-9BDC-E99DC2718F7E} - System32\Tasks\launchspotflux => C:\Program Files (x86)\Spotflux\spotflux.exe [2014-01-21] ()
Task: {5E11588C-ADCC-41A9-96A6-03FE0C49F520} - System32\Tasks\{C25B728D-27ED-4FCE-BC81-F5652A1821E8} => pcalua.exe -a "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\SETUPREG.EXE" -d "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game"
Task: {75203684-393F-4305-8E3A-777E5E849EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {8029C3F6-06F8-4FAB-A18E-CBFC5FBFFD66} - System32\Tasks\{8F7139A5-3408-45BC-A64E-672623AEA322} => pcalua.exe -a G:\aocsetup.exe -d G:\ -c /autorun
Task: {842C8930-F477-417A-AD8D-678092DCDB9D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-29] (CyberLink)
Task: {8C4417BD-F630-499D-BF04-ACAEBACCED52} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {A0C6FA4E-CC45-418D-91BF-EB0E5102715B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-24] (Piriform Ltd)
Task: {A890C0CF-D5AE-4980-BCA2-2BB39748616B} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {AD89180E-985B-417B-A035-6070B79BA138} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {B4626FA9-8A95-4462-83B0-A95ADF723175} - \Driver Booster Update No Task File <==== ATTENTION
Task: {C00F1C2D-89BF-4AEA-9F08-F1B86CAD0C96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {C8C901D8-D4E6-4AA8-9FFC-13B4E6175968} - System32\Tasks\Uninstaller_SkipUac_Muneeb_Khan_Lodhi => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {D96F5CD0-8EBE-47CA-8505-C9C6EF5F643F} - \Driver Booster SkipUAC (Muneeb Khan Lodhi) No Task File <==== ATTENTION
Task: {F6C06142-D2CD-4360-804C-00A92293AB52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-20] (AVAST Software)
Task: {F7412D54-49AC-4273-92E0-CF202B2BE78B} - System32\Tasks\{42074EA0-2F27-44EB-BAA2-CE6DE674B649} => pcalua.exe -a "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\uninstall.exe" -d "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-28 23:19 - 2011-09-28 23:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-15 10:35 - 2014-03-15 10:35 - 00555304 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2011-03-17 10:07 - 2011-03-17 10:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:23 - 2010-10-21 01:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-03 19:22 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-05-20 21:17 - 2015-05-20 21:17 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051901\algo.dll
2015-05-03 18:19 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2014-03-20 04:38 - 2014-03-20 04:38 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-03-21 01:04 - 2014-01-04 00:45 - 02927360 ____N () C:\Windows\wweb32.dll
2014-05-20 15:01 - 2014-05-20 15:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-03 19:23 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-05-03 19:23 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-05-03 19:23 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Muneeb Khan Lodhi\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 4.2.2.1 - 4.2.2.2
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Muneeb Khan Lodhi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk => C:\Windows\pss\LaunchU3.exe.lnk.Startup
MSCONFIG\startupreg: Ad Arrest => C:\Program Files (x86)\Ad Arrest IE Popup Killer\adarrest.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3282698\plugins\TBVerifier.dll",RunConduitFloatingPlugin giolhomkcooifelkdfpejhidfidaahlc
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~1\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: VideoDownloadToolbar => "C:\Users\Muneeb Khan Lodhi\AppData\Roaming\VideoDownloadToolbar\VideoDownloadToolbar.exe" cmd=vdt_autorun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{CD8B3301-C5E8-4319-8E9F-C73CCF354698}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE0995DA-699D-4BE0-A7A0-E82020B5A25F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CB7CD860-C4B1-4657-8280-9CA7C4A3B131}] => (Allow) LPort=2869
FirewallRules: [{B94A7292-BCF5-4935-A648-AD9D6A09A6F5}] => (Allow) LPort=1900
FirewallRules: [{72EA8F5E-A93A-4465-878A-AC364C1794E0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0E65082C-A64C-4B66-9257-689BF538B64A}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{EFF791D3-8243-4912-8DD5-E4620AC6D597}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{E873CC54-F838-412E-A22F-55ED14C1C615}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BEE06A59-437D-457C-AAAC-D4FF07193C92}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BC4AA6AD-B763-4292-A151-D2C9D192DB9D}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{27327A2C-4A64-4216-9E8F-6133CBAF3B37}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{49C882B5-5B6B-43F1-BFDE-C3C8CDA9B663}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe
FirewallRules: [UDP Query User{625F29DD-EED7-4B97-8474-A012CCC86564}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe
FirewallRules: [TCP Query User{39EAE9C0-6D4E-40F6-8BBA-654395712159}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{79898DF5-9520-4371-B552-BA3DACD7D267}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe
FirewallRules: [{A577B8D2-256E-4A19-8D36-6CD2C4D8A155}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3EDE0C3-CC0A-4CAC-AC61-FD662C1683FB}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{103D5D20-4163-49A2-833D-2BD55EF321A1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{776DFA62-4F5E-41C6-A184-E0B95A9818CE}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{4D81310F-BFB8-483F-84EB-5030233D04C9}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{E7BC5588-BDA4-46D6-9CA6-D88F818A5C06}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{4253A92D-E492-4880-92CF-F7B3E522802F}C:\d drive data\games\aoe conquerors\age2_x1.exe] => (Allow) C:\d drive data\games\aoe conquerors\age2_x1.exe
FirewallRules: [UDP Query User{DD1635AB-5534-4285-86A8-CA3DD4557EDD}C:\d drive data\games\aoe conquerors\age2_x1.exe] => (Allow) C:\d drive data\games\aoe conquerors\age2_x1.exe
FirewallRules: [{967567C5-AE00-4CCD-9796-F17A05709AC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CF5DF66D-65EB-4B53-812D-4E7C4BD08C15}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{9F98BDFB-F683-42DD-A90D-99BC0C538838}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{29707835-1367-4AF4-8CFB-85258DDB2EE4}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{463D4FE8-2265-447E-9273-C5F8B5791CED}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{811A13AF-BB51-446E-B5CC-B0C8EC620D3C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{3B70B559-ABB7-45C8-9779-BC41419E5EB1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{A6C021BB-7E13-4A41-B935-72D3C2F99373}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{7C44C4C5-8BBD-454F-B2E3-49EF95F95E7B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/20/2015 10:50:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 10:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 09:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.2.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1504
 
Start Time: 01d092f215c053a9
 
Termination Time: 23
 
Application Path: C:\Users\Muneeb Khan Lodhi\Desktop\AdwCleaner.exe
 
Report Id:
 
Error: (05/20/2015 09:18:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 07:51:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/19/2015 08:11:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2015 07:56:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/19/2015 07:56:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/18/2015 08:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: bcryptprimitives.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c4f0
Exception code: 0xc0000005
Fault offset: 0x0000000000007a94
Faulting process id: 0xd70
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (05/18/2015 07:50:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/20/2015 10:49:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/20/2015 10:36:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/20/2015 10:36:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/20/2015 10:36:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spotflux Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2015 10:36:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2015 10:36:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2015 10:36:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2015 10:36:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Quick Synchronization Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2015 10:36:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2015 10:36:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (05/20/2015 10:50:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 10:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 09:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.2.0.4150401d092f215c053a923C:\Users\Muneeb Khan Lodhi\Desktop\AdwCleaner.exe
 
Error: (05/20/2015 09:18:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 07:51:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/19/2015 08:11:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2015 07:56:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/19/2015 07:56:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/18/2015 08:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4bcryptprimitives.dll6.1.7601.175144ce7c4f0c00000050000000000007a94d7001d0914ffe21ca0eC:\Windows\Explorer.EXEC:\Windows\system32\bcryptprimitives.dll5768dd62-fd48-11e4-b93e-a0b3cc6a6f9f
 
Error: (05/18/2015 07:50:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-3000M APU with Radeon™ HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 3561.41 MB
Available physical RAM: 2298.11 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 5606.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.79 GB) (Free:172.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.81 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BBEEB5FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#8
micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

FRST is about 4mb.

 

I have attached the file as last time due to huge size I could not copy paste.

 

I will try pasting in next post if chrome lets me do it.

Attached File: FRST.txt (3.96MB)


  • 0

#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

If the FRST.txt file is still too big to post, please upload to a service such as SendSpace and then just provide me the link. Thanks.


  • 0

#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Attaching is preferred when the file is that large so thank you.


  • 0



#11
micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

download link for FRST

https://www.sendspace.com/file/xtenho

 

Many Thanks :)


  • 0

#12
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info. Let's continue.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): Tixati

 

CCleaner

I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
http://www.bleepingc...s/#entry2853053
http://miekiemoes.bl...weaking_13.html

 

Windows Sidebar/Gadgets
I see that you use the Windows Sidebar with Gadgets. Microsoft deems these as a security vulnerability and recommends that they are disabled. Unless you have good reason not to, please download and install the Microsoft Fix-It from here. Note: Please ensure you reboot when prompted. If you don't and continue this could leave your machine in an unstable state.

 

Uninstalls

I see you have the following programs from IOBit installed. The vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole. I also see that Advanced SystemCare 8 is causing issues from your event log. I've also had a machine that would crash because of Smart Defrag. It's up to you but I highly suggest that they be uninstalled.

 

Advanced SystemCare 8
Driver Booster 2.3
IObit Malware Fighter 3
IObit Uninstaller
Smart Defrag 4
Surfing Protection

 

Also, do you use Windows Live Essentials? If not, can you uninstall it, as it appears to be causing issues in Chrome. If you do use it then we may have to uninstall/reinstall. Let me know please.

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (3.25KB)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

 

Items for your next post

1. FRST Fix log

 


  • 0

#13
micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

Many Thanks Brian.

 

 

Everything has been done and following is the log:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Muneeb Khan Lodhi at 2015-05-21 20:57:19 Run:1
Running from C:\Users\Muneeb Khan Lodhi\Desktop
Loaded Profiles: Muneeb Khan Lodhi (Available profiles: Muneeb Khan Lodhi & fbwuser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Task: {8C4417BD-F630-499D-BF04-ACAEBACCED52} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {B4626FA9-8A95-4462-83B0-A95ADF723175} - \Driver Booster Update No Task File <==== ATTENTION
Task: {D96F5CD0-8EBE-47CA-8505-C9C6EF5F643F} - \Driver Booster SkipUAC (Muneeb Khan Lodhi) No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {0b9dce3d-df46-11e2-876c-a0b3cc6a6f9f} - H:\TotalLock.exe
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {3dc4fec7-55b6-11e3-a797-a0b3cc6a6f9f} - G:\aocsetup.exe /autorun
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {47f3196b-4b00-11e3-9d96-a0b3cc6a6f9f} - H:\TotalLock.exe
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {589452d6-6cc6-11e2-af8d-a0b3cc6a6f9f} - G:\SETUP.EXE
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {a1fb54a9-1d21-11e3-a744-a0b3cc6a6f9f} - H:\TotalLock.exe
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {e5550dae-58dd-11e3-940c-a0b3cc6a6f9f} - H:\Setup.exe /Auto
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {ea3c9d21-1b96-11e3-b5c4-a0b3cc6a6f9f} - H:\LaunchU3.exe
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\MountPoints2: {ea3c9d31-1b96-11e3-b5c4-a0b3cc6a6f9f} - H:\TotalLock.exe
CHR HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - No File
SearchScopes: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 -> DefaultScope {E1AA69FC-FAEF-4C30-8A70-229B05AC4029} URL = http://search.condui...3422007152&UM=2
SearchScopes: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 -> {E1AA69FC-FAEF-4C30-8A70-229B05AC4029} URL = http://search.condui...3422007152&UM=2
Toolbar: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin HKU\S-1-5-21-2238753014-2711977962-2677134643-1001: @tightropeinteractive.com/Plugin -> C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll No File
FF Plugin HKU\S-1-5-21-2238753014-2711977962-2677134643-1001: @tnt2ghost.com/Plugin -> C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2ghost.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (npAPI Plugin) - C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll No File
CHR Plugin: (npAPI Ghost Plugin) - C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2ghost.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C4417BD-F630-499D-BF04-ACAEBACCED52} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4626FA9-8A95-4462-83B0-A95ADF723175} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D96F5CD0-8EBE-47CA-8505-C9C6EF5F643F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96F5CD0-8EBE-47CA-8505-C9C6EF5F643F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Muneeb Khan Lodhi)" => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b9dce3d-df46-11e2-876c-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{0b9dce3d-df46-11e2-876c-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc4fec7-55b6-11e3-a797-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{3dc4fec7-55b6-11e3-a797-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47f3196b-4b00-11e3-9d96-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{47f3196b-4b00-11e3-9d96-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{589452d6-6cc6-11e2-af8d-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{589452d6-6cc6-11e2-af8d-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1fb54a9-1d21-11e3-a744-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{a1fb54a9-1d21-11e3-a744-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5550dae-58dd-11e3-940c-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{e5550dae-58dd-11e3-940c-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea3c9d21-1b96-11e3-b5c4-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{ea3c9d21-1b96-11e3-b5c4-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea3c9d31-1b96-11e3-b5c4-a0b3cc6a6f9f}" => Key deleted successfully.
HKCR\CLSID\{ea3c9d31-1b96-11e3-b5c4-a0b3cc6a6f9f} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3c35ad63-af1d-4e21-b484-b6651a8efcf9} => value deleted successfully.
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1AA69FC-FAEF-4C30-8A70-229B05AC4029}" => Key deleted successfully.
HKCR\CLSID\{E1AA69FC-FAEF-4C30-8A70-229B05AC4029} => Key not found. 
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\MozillaPlugins\@tightropeinteractive.com/Plugin" => Key deleted successfully.
C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll not found.
"HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\MozillaPlugins\@tnt2ghost.com/Plugin" => Key deleted successfully.
C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2ghost.dll not found.
C:\Users\Muneeb Khan Lodhi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll not found.
C:\Users\Muneeb Khan Lodhi\AppData\Local\TNT2\2.0.0.1627\npTNT2ghost.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
EmptyTemp: => Removed 573.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:58:37 ====

  • 0

#14
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent, thank you. Please do the following.

 

Step#1 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#2 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

Step#3 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#4 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. Malwarebytes log

2. Security Check Log
3. FRST and Addition logs


  • 0

#15
micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/05/2015
Scan Time: 23:07:54
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.21.02
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Muneeb Khan Lodhi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394408
Time Elapsed: 50 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [3b0b118503874cea5760b732cd36758b], 
PUP.Optional.TNT.A, HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Quarantined, [84c2c8ce3258cc6a8685786245be30d0], 
PUP.Optional.TNT.A, HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8142C61B-F3D1-4394-A704-7F990826454D}, Quarantined, [f5513c5af793ce682fddd1093dc69967], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-2238753014-2711977962-2677134643-1007\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, Quarantined, [e165781e2f5b72c4c09a27ea887cea16], 
 
Registry Values: 2
PUP.Optional.TNT.A, HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, Quarantined, [84c2c8ce3258cc6a8685786245be30d0]
PUP.Optional.TNT.A, HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8142C61B-F3D1-4394-A704-7F990826454D}|OSDFileURL, file:///C:/Users/Muneeb Khan Lodhi/AppData/Local/TNT2/Profiles/10583/yah10583.xml, Quarantined, [f5513c5af793ce682fddd1093dc69967]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0
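
One way to triage a scan log like the one posted in #15, added here as an example (not part of the thread and not Malwarebytes' own code): it parses the detection lines, checks them against each section's declared count, and groups detection names by the user SID in the registry path, which shows when a finding sits in a different profile's hive. The sample log is constructed in the same layout; its SIDs, GUIDs and bracketed IDs are placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan log above.
# SIDs, GUIDs and bracketed IDs are placeholders, not values from the thread.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Objects Scanned: 1000

Processes: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{00000000-0000-0000-0000-000000000001}, Quarantined, [00000000000000000000000000000001],
PUP.Optional.TNT.A, HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{00000000-0000-0000-0000-000000000002}, Quarantined, [00000000000000000000000000000002],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1111111111-2222222222-3333333333-1007\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, Quarantined, [00000000000000000000000000000003],

Registry Values: 1
PUP.Optional.TNT.A, HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{00000000-0000-0000-0000-000000000002}|OSDFileURL, file:///C:/Users/Example User/AppData/Local/TNT2/Profiles/1/example.xml, Quarantined, [00000000000000000000000000000002]

Files: 0
(No malicious items detected)
"""

# Result sections that carry a declared item count in the log.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
SID_RE = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\", re.IGNORECASE)
ID_RE = re.compile(r"^\[[0-9a-fA-F]+\]$")


def parse_detections(text):
    """Return (detections, declared_counts) parsed from a scan log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        # Key lines end with a trailing comma after the bracketed ID.
        line = raw.strip().rstrip(",").strip()
        m = SECTION_RE.match(line)
        if m and m.group(1) in SECTIONS:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        parts = [p.strip() for p in line.split(", ")]
        if section is None or len(parts) < 4 or not ID_RE.match(parts[-1]):
            continue  # header line, "(No malicious items detected)", etc.
        # Registry value lines carry "key|value name" plus a data field.
        target, _, value_name = parts[1].partition("|")
        sid = SID_RE.match(target)
        detections.append({
            "section": section,
            "name": parts[0],
            "target": target,
            "value_name": value_name or None,
            "data": ", ".join(parts[2:-2]) or None,
            "action": parts[-2],
            "sid": sid.group(1) if sid else None,
        })
    return detections, declared


def count_mismatches(detections, declared):
    """Sections where parsed lines differ from the declared count."""
    found = defaultdict(int)
    for d in detections:
        found[d["section"]] += 1
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}


def names_by_sid(detections):
    """Group detection names by the user hive (SID) they were found in."""
    grouped = defaultdict(set)
    for d in detections:
        grouped[d["sid"] or "(no user SID)"].add(d["name"])
    return {sid: sorted(names) for sid, names in grouped.items()}


def not_quarantined(detections):
    """Detections whose recorded action is anything other than Quarantined."""
    return [d for d in detections if d["action"] != "Quarantined"]


if __name__ == "__main__":
    dets, declared = parse_detections(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(dets, declared))
    for sid, names in names_by_sid(dets).items():
        print(sid, "->", ", ".join(names))
    print("left in place:", len(not_quarantined(dets)))
```
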





