Laptop too slow - Google Chrome Infected [Solved]

chrome infected pop-up processes slow streaming browsing

  • This topic is locked

#31
micalparkz

  • Topic Starter
  • Member
  • 128 posts

Thanks Brian.

 

I have reinstalled Chrome; the pop up used to appear randomly so I will see if it appears again.

 

Has the virus been removed from the system? I am only asking because when we did the Adware cleaner scan, we unchecked clean/remove threats. So I am wondering if viruses/issues have been removed?


  • 0



#32
micalparkz

  • Topic Starter
  • Member
  • 128 posts

Chrome is acting too slow, especially while playing videos. At bottom left, it keeps saying waiting for different website/cookie names maybe.

 

The streaming is too slow and not smooth.

 

I am wondering if the adware/spyware got removed or I missed anything?


  • 0

#33
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

we unchecked clean/remove threats

 

 

You unchecked items?


  • 0

#34
micalparkz

  • Topic Starter
  • Member
  • 128 posts

Hi Brian

 

 

I got the pop up again (attached)

 

Chrome is still slow :(

Attached Thumbnails

  • 1a.JPG

  • 0

#35
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

You didn't answer my previous question. Refer to Post#33.


  • 0

#36
micalparkz

  • Topic Starter
  • Member
  • 128 posts

Hi Brian,

 

I am referring to step 7, as below:

 

"Make sure remove threats is not checked"

Attached Thumbnails

  • 1b.JPG

  • 0

#37
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, that's the ESET scan, not the Adwcleaner scan so that makes sense. You had mentioned that you did this on the Adwcleaner scan so I was concerned.

 

I am only asking because when we did the Adware cleaner scan, we unchecked clean/remove threats.

 

 

Let's do two things. Please provide a fresh set of logs and I'm going to have you disable any extensions that you don't use in Chrome.

 

Step#1 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

 

Step#2 - Remove Chrome Extensions
1. You have Chrome extensions that you likely don't use and can be removed. Please follow the steps below to manually delete these.
2. Click the Chrome menu on the browser toolbar.
3. Click Tools.
4. Select Extensions.
5. Click the trash can icon by the extension you'd like to completely remove.
6. A confirmation dialog appears, click Remove.


  • 0
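
A first triage pass over an FRST.txt of the kind requested in Step#1, as an added example that is not part of the original thread or of FRST itself: it splits the log into its sections and flags entries ending in `[X]` or `No File` (read here as "referenced file not found"), entries marked `[File not signed]`, entries with an empty `()` company field, and Chrome extensions whose ID is not on a list the analyst supplies. The sample log, the function names and the extension allowlist are assumptions made for illustration.

```python
import re
from collections import Counter

ID_KNOWN = "a" * 32   # constructed extension ID the analyst expects to see
ID_OTHER = "b" * 32   # constructed extension ID nobody recognises

# Constructed sample in the FRST.txt layout; names and paths are placeholders.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ExampleVendor Inc.) C:\Program Files\ExampleVendor\agent.exe
() C:\Program Files (x86)\ExampleVPN\bin\watchdog.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ExampleTray] => C:\Program Files\ExampleVendor\tray.exe [1128448 2011-05-28] (ExampleVendor Inc.)
HKLM-x32\...\Run: [] => [X]

==================== Internet (Whitelisted) ====================

BHO: Example Helper -> {00000000-0000-0000-0000-000000000001} -> C:\Program Files (x86)\ExampleTool\helper64.dll No File

Chrome:
=======
CHR Extension: (Example Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\<ID_KNOWN> [2015-05-24]
CHR Extension: (Example Coupons (by Nobody)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\<ID_OTHER> [2015-05-24]

==================== Services (Whitelisted) =================

R2 ExampleSvc; C:\Program Files\ExampleVendor\svc.exe [50344 2014-05-20] (ExampleVendor Inc.)
R2 ExampleUpdater; C:\Program Files (x86)\ExampleVPN\updater.exe [28160 2014-01-21] (ExampleVendor Inc.) [File not signed]
R2 ExampleWd; C:\Program Files (x86)\ExampleVPN\bin\watchdog.exe [555304 2014-03-15] ()
S3 ExampleDrv; system32\DRIVERS\example.sys [X]
""".replace("<ID_KNOWN>", ID_KNOWN).replace("<ID_OTHER>", ID_OTHER)

# "==== Name (Whitelisted) ====" banners; a bare "=======" underline does not match.
SECTION_RE = re.compile(r"^={4,}\s+(.+?)\s+={4,}\s*$")
# Processes section: "(Company) C:\path"; an empty company shows up as "()".
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# Services/drivers: "[size date] ()" means the file carries no company name.
NO_PUBLISHER_RE = re.compile(r"\] \(\)(?: \[File not signed\])?$")
# Chrome extension line; the greedy name group copes with nested parentheses.
CHR_EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+)\) - .*\\Extensions\\(?P<id>[a-p]{32}) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\]$"
)


def split_sections(text):
    """Return {section name: [non-empty lines]} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).replace(" (Whitelisted)", "")
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def triage(text, expected_extension_ids=frozenset()):
    """Return (section, flag, detail) tuples for entries worth a closer look."""
    findings = []
    for section, lines in split_sections(text).items():
        for line in lines:
            if line.endswith("[X]") or line.endswith("No File"):
                findings.append((section, "missing-file", line))
            if "[File not signed]" in line:
                findings.append((section, "unsigned", line))
            if NO_PUBLISHER_RE.search(line):
                findings.append((section, "no-publisher", line))
            if section == "Processes":
                proc = PROCESS_RE.match(line)
                if proc and not proc.group("vendor"):
                    findings.append((section, "no-publisher", proc.group("path")))
            ext = CHR_EXT_RE.match(line)
            if ext and ext.group("id") not in expected_extension_ids:
                detail = "%s [%s]" % (ext.group("name"), ext.group("id"))
                findings.append((section, "unexpected-extension", detail))
    return findings


def summarize(findings):
    """Count findings per flag."""
    return dict(Counter(flag for _, flag, _ in findings))


if __name__ == "__main__":
    for section, flag, detail in triage(SAMPLE_LOG, {ID_KNOWN}):
        print("%-10s %-21s %s" % (section, flag, detail))
```

A flag here is a prompt to look at the entry, not a verdict: unsigned or publisher-less files are common for legitimate drivers and utilities.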

#38
micalparkz

  • Topic Starter
  • Member
  • 128 posts

I have deleted all extensions on Google Chrome now.

 

Logs as below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Muneeb Khan Lodhi (administrator) on MUNEEBKHANLODHI on 25-05-2015 15:01:52
Running from C:\Users\Muneeb Khan Lodhi\Desktop
Loaded Profiles: Muneeb Khan Lodhi (Available profiles: Muneeb Khan Lodhi & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft) C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-28] (IDT, Inc.)
HKLM-x32\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-16] (EasyBits Software AS)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-05-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-09] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-17] (WordWeb Software)
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31276160 2015-04-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-05-20] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quranexpl...&TajweedRules=1
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?PC=AV01
SearchScopes: HKLM -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = 
SearchScopes: HKU\S-1-5-21-2238753014-2711977962-2677134643-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-20] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-20] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 211.29.132.12 198.142.0.51 198.142.235.14
Tcpip\..\Interfaces\{94A4D621-663F-45D3-8D5E-388172431E81}: [NameServer] 4.2.2.1,4.2.2.2,44.105.12.1
Tcpip\..\Interfaces\{C7049B33-2BB1-4367-9574-7E85289B4008}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-11-18]
FF HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-03-21]
 
Chrome: 
=======
CHR Profile: C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-24]
CHR Extension: (Google Docs) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-24]
CHR Extension: (Google Drive) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-24]
CHR Extension: (YouTube) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-24]
CHR Extension: (Google Search) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-24]
CHR Extension: (Google Sheets) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-24]
CHR Extension: (Bookmark Manager) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-24]
CHR Extension: (Google Wallet) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-24]
CHR Extension: (Gmail) - C:\Users\Muneeb Khan Lodhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-24]
CHR HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-05-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-20] (AVAST Software)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-24] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-03-20] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2014-03-15] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SpotfluxUpdateService; C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe [28160 2014-01-21] (Microsoft) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-20] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-26] (Disc Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [54984 2014-03-20] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-03] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-20] (Anchorfree Inc.)
R3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-01-21] (Spotflux, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 Generalusbserialser20679; system32\DRIVERS\CT_U_USBSER.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 15:01 - 2015-05-25 15:06 - 00022183 _____ () C:\Users\Muneeb Khan Lodhi\Desktop\FRST.txt
2015-05-24 22:41 - 2015-05-24 22:41 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 22:41 - 2015-05-24 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 22:29 - 2015-05-24 22:29 - 00191641 _____ () C:\Users\Muneeb Khan Lodhi\Documents\bookmarks_5_24_15.html
2015-05-24 19:57 - 2015-05-24 19:57 - 00000000 __SHD () C:\Users\Muneeb Khan Lodhi\AppData\Local\EmieUserList
2015-05-24 19:57 - 2015-05-24 19:57 - 00000000 __SHD () C:\Users\Muneeb Khan Lodhi\AppData\Local\EmieSiteList
2015-05-24 19:57 - 2015-05-24 19:57 - 00000000 __SHD () C:\Users\Muneeb Khan Lodhi\AppData\Local\EmieBrowserModeList
2015-05-24 16:26 - 2015-05-24 16:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-24 15:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-05-24 14:41 - 2015-05-24 14:41 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-24 14:41 - 2015-05-24 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-24 14:41 - 2015-05-24 14:41 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-24 14:41 - 2015-05-24 14:41 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-24 14:41 - 2015-05-24 14:41 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-05-24 14:41 - 2015-05-24 14:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-05-24 14:41 - 2015-05-24 14:41 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-24 14:41 - 2015-05-24 14:41 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-24 14:41 - 2015-05-24 14:41 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-05-24 14:41 - 2015-05-24 14:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-05-24 14:41 - 2015-05-24 14:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-05-24 14:41 - 2015-05-24 14:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-24 14:41 - 2015-05-24 14:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-24 14:16 - 2015-05-24 15:15 - 00008138 _____ () C:\Windows\IE11_main.log
2015-05-24 14:14 - 2015-05-24 14:16 - 55915216 _____ (Microsoft Corporation) C:\Users\Muneeb Khan Lodhi\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-05-23 11:32 - 2015-05-23 11:32 - 02347384 _____ (ESET) C:\Users\Muneeb Khan Lodhi\Desktop\esetsmartinstaller_enu.exe
2015-05-22 19:45 - 2015-05-22 19:46 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Desktop\Sep 2015 Pak visit
2015-05-22 19:17 - 2015-05-22 19:18 - 00852639 _____ () C:\Users\Muneeb Khan Lodhi\Desktop\SecurityCheck.exe
2015-05-21 23:06 - 2015-05-22 19:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 23:06 - 2015-05-21 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-21 23:06 - 2015-05-21 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 23:05 - 2015-05-21 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-21 23:05 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 23:05 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 23:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 23:04 - 2015-05-21 23:04 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Muneeb Khan Lodhi\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-21 20:22 - 2015-05-21 20:23 - 00984576 _____ () C:\Users\Muneeb Khan Lodhi\Downloads\MicrosoftFixit50906.msi
2015-05-20 22:51 - 2015-05-22 19:27 - 02108416 _____ (Farbar) C:\Users\Muneeb Khan Lodhi\Desktop\FRST64.exe
2015-05-20 22:51 - 2015-05-22 19:27 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Desktop\FRST-OlderVersion
2015-05-20 22:46 - 2015-05-20 22:46 - 00011017 _____ () C:\Users\Muneeb Khan Lodhi\Desktop\JRT.txt
2015-05-20 22:35 - 2015-05-20 22:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MUNEEBKHANLODHI-Windows-7-Home-Premium-(64-bit).dat
2015-05-20 22:35 - 2015-05-20 22:35 - 00000000 ____D () C:\RegBackup
2015-05-20 22:32 - 2015-05-20 22:34 - 02720149 _____ (Thisisu) C:\Users\Muneeb Khan Lodhi\Desktop\JRT.exe
2015-05-20 21:43 - 2015-05-20 22:25 - 00000000 ____D () C:\AdwCleaner
2015-05-20 21:40 - 2015-05-20 21:40 - 02209792 _____ () C:\Users\Muneeb Khan Lodhi\Desktop\AdwCleaner.exe
2015-05-18 20:36 - 2015-05-25 15:02 - 00000000 ____D () C:\FRST
2015-05-18 20:35 - 2015-05-20 22:51 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Desktop\Malware Removal Geekstogo
2015-05-17 14:39 - 2015-05-17 14:40 - 00000000 ___HD () C:\Windows\AxInstSV
2015-05-14 21:41 - 2015-05-14 21:41 - 00003216 _____ () C:\Windows\System32\Tasks\{15E9BB29-D3C9-4E7F-A4E6-E79B754ED583}
2015-05-14 21:01 - 2015-05-24 15:17 - 00004684 _____ () C:\Windows\PFRO.log
2015-05-13 21:15 - 2015-05-13 22:39 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Desktop\AOE Conqu
2015-05-13 19:32 - 2015-05-24 22:34 - 00000952 _____ () C:\Windows\setupact.log
2015-05-13 19:32 - 2015-05-13 19:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-12 19:28 - 2015-05-24 15:15 - 00203221 _____ () C:\Windows\WindowsUpdate.log
2015-05-09 19:02 - 2015-05-09 19:02 - 00002828 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-09 19:01 - 2015-05-09 19:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-09 19:01 - 2015-05-09 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-09 18:59 - 2015-05-09 19:00 - 06484352 _____ (Piriform Ltd) C:\Users\Muneeb Khan Lodhi\Downloads\ccsetup505.exe
2015-05-07 21:08 - 2015-05-07 21:08 - 00007605 _____ () C:\Users\Muneeb Khan Lodhi\AppData\Local\Resmon.ResmonCfg
2015-05-03 19:33 - 2015-05-03 19:33 - 00083656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2015-05-03 19:33 - 2015-05-03 19:33 - 00043720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2015-05-03 19:29 - 2015-05-03 19:29 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2015-05-03 19:29 - 2015-05-03 19:29 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2015-05-03 19:20 - 2015-05-03 19:20 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 15:03 - 2013-01-27 13:28 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Roaming\Skype
2015-05-25 14:46 - 2013-07-06 23:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 14:10 - 2013-01-26 09:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 05:46 - 2013-07-06 23:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 04:09 - 2013-01-26 04:50 - 00004002 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{59DEE8B0-3AF2-4D7E-BEC0-A3B0537DDE08}
2015-05-24 22:42 - 2009-07-14 14:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 22:42 - 2009-07-14 14:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 22:41 - 2013-01-26 09:11 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Local\Google
2015-05-24 22:41 - 2013-01-26 09:11 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-24 22:37 - 2014-05-23 17:44 - 00000000 ___RD () C:\Users\Muneeb Khan Lodhi\Google Drive
2015-05-24 22:35 - 2013-01-26 08:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-24 22:34 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 19:52 - 2013-01-26 11:11 - 00346624 _____ () C:\Users\Muneeb Khan Lodhi\Documents\awein.xls
2015-05-24 16:50 - 2013-01-26 08:42 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Roaming\Adobe
2015-05-24 16:49 - 2014-08-17 22:26 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Local\Adobe
2015-05-24 16:28 - 2014-12-24 17:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-24 16:25 - 2011-10-15 16:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-24 16:24 - 2011-10-15 16:25 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-24 16:01 - 2013-01-26 04:50 - 00001417 _____ () C:\Users\Muneeb Khan Lodhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-24 15:18 - 2007-01-02 11:25 - 00000000 ____D () C:\Windows\Panther
2015-05-24 15:15 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-24 14:57 - 2013-11-18 09:39 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-05-24 14:57 - 2013-11-18 09:39 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-05-24 14:57 - 2013-11-18 09:39 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-05-24 14:45 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\servicing
2015-05-23 22:28 - 2013-01-26 19:10 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Local\CrashDumps
2015-05-23 03:23 - 2011-10-15 16:22 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-05-23 03:22 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-23 03:21 - 2011-10-15 16:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-21 23:05 - 2013-03-19 06:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 21:38 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 21:12 - 2011-10-15 16:21 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 20:49 - 2013-04-08 00:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-05-21 07:21 - 2015-03-20 23:19 - 00002942 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Muneeb_Khan_Lodhi
2015-05-18 19:50 - 2014-07-25 21:43 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-17 14:42 - 2013-01-26 09:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-17 14:42 - 2013-01-26 09:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 14:42 - 2011-10-15 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-16 12:22 - 2013-05-21 07:18 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Documents\Imp Data & People
2015-05-16 05:41 - 2013-07-06 23:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 05:41 - 2013-07-06 23:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 21:19 - 2011-10-15 16:21 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-05-10 19:59 - 2013-01-26 11:11 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Documents\Books & Learning
2015-05-10 00:21 - 2013-01-26 11:28 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2015-05-10 00:21 - 2013-01-26 11:11 - 00001039 _____ () C:\Users\Muneeb Khan Lodhi\Desktop\KMPlayer.lnk
2015-05-09 19:04 - 2013-02-25 04:33 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Roaming\PhotoScape
2015-05-08 20:47 - 2014-05-23 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-07 20:51 - 2009-07-14 15:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 19:23 - 2014-07-25 21:44 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Roaming\ProductData
2015-05-03 19:22 - 2013-04-08 00:51 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\AppData\Roaming\IObit
2015-05-03 19:20 - 2013-04-08 00:51 - 00000000 ____D () C:\ProgramData\IObit
2015-04-26 06:05 - 2013-01-26 11:11 - 00000000 ____D () C:\Users\Muneeb Khan Lodhi\Desktop\IK latest
2015-04-26 00:29 - 2009-07-14 15:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2015-05-07 21:08 - 2015-05-07 21:08 - 0007605 _____ () C:\Users\Muneeb Khan Lodhi\AppData\Local\Resmon.ResmonCfg
2014-09-18 10:58 - 2014-09-18 10:58 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Muneeb Khan Lodhi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 00:29
 
==================== End of log ============================


#39
micalparkz


    Member

  • Topic Starter
  • Member
  • 128 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Muneeb Khan Lodhi at 2015-05-25 15:07:54
Running from C:\Users\Muneeb Khan Lodhi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2238753014-2711977962-2677134643-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2238753014-2711977962-2677134643-1007 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-2238753014-2711977962-2677134643-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2238753014-2711977962-2677134643-1006 - Limited - Enabled)
Muneeb Khan Lodhi (S-1-5-21-2238753014-2711977962-2677134643-1001 - Administrator - Enabled) => C:\Users\Muneeb Khan Lodhi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.11 - Adobe Systems)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Hotspot Shield 3.25 (HKLM-x32\...\HotspotShield) (Version: 3.25 - AnchorFree Inc.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotflux (HKLM-x32\...\Spotflux) (Version: 2.9.20 - Spotflux)
SteadyVideoIE (HKLM-x32\...\{40A03BEA-447B-4B3B-8AA0-6C4160C4D4DC}) (Version: 1.0.0 - AMD)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
YouTube Free Downloader (HKLM-x32\...\YouTube Free Downloader) (Version: 4.3.1 - YouTubeFreeDownloader)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
15-05-2015 23:15:56 Software Removal Tool
21-05-2015 20:24:28 Installed Microsoft Fix it 50906
21-05-2015 20:57:24 Restore Point Created by FRST
23-05-2015 03:14:55 Windows Live Essentials
23-05-2015 03:16:39 WLSetup
24-05-2015 14:15:29 Removed Adobe Reader X (10.1.13) MUI.
24-05-2015 14:39:49 Windows Modules Installer
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0091F4CA-034E-4604-B5FF-80AAC9320782} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {21E3E29C-E512-4C98-A90B-811678578D2E} - System32\Tasks\{15E9BB29-D3C9-4E7F-A4E6-E79B754ED583} => pcalua.exe -a "C:\D drive data\Games\AOE Conquerors\age2upa.exe" -d "C:\D drive data\Games\AOE Conquerors"
Task: {4C6D3412-8AC7-4C38-8E31-7842B3E44FB2} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {51807BB2-7FBD-4A3C-9BDC-E99DC2718F7E} - System32\Tasks\launchspotflux => C:\Program Files (x86)\Spotflux\spotflux.exe [2014-01-21] ()
Task: {5A29344C-9EEC-48D5-AC7F-E82BE78D9589} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {5E11588C-ADCC-41A9-96A6-03FE0C49F520} - System32\Tasks\{C25B728D-27ED-4FCE-BC81-F5652A1821E8} => pcalua.exe -a "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\SETUPREG.EXE" -d "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game"
Task: {75203684-393F-4305-8E3A-777E5E849EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {8029C3F6-06F8-4FAB-A18E-CBFC5FBFFD66} - System32\Tasks\{8F7139A5-3408-45BC-A64E-672623AEA322} => pcalua.exe -a G:\aocsetup.exe -d G:\ -c /autorun
Task: {842C8930-F477-417A-AD8D-678092DCDB9D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-29] (CyberLink)
Task: {849265F4-336A-413C-BBDD-284416D13FA4} - System32\Tasks\Uninstaller_SkipUac_Muneeb_Khan_Lodhi => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {A0C6FA4E-CC45-418D-91BF-EB0E5102715B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-24] (Piriform Ltd)
Task: {AD89180E-985B-417B-A035-6070B79BA138} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {C00F1C2D-89BF-4AEA-9F08-F1B86CAD0C96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {F6C06142-D2CD-4360-804C-00A92293AB52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-20] (AVAST Software)
Task: {F7412D54-49AC-4273-92E0-CF202B2BE78B} - System32\Tasks\{42074EA0-2F27-44EB-BAA2-CE6DE674B649} => pcalua.exe -a "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\uninstall.exe" -d "C:\D drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-28 23:19 - 2011-09-28 23:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-15 10:35 - 2014-03-15 10:35 - 00555304 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2011-03-17 10:07 - 2011-03-17 10:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:23 - 2010-10-21 01:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-24 02:39 - 2015-05-24 02:39 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052302\algo.dll
2015-05-24 22:35 - 2015-05-24 22:35 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052400\algo.dll
2015-05-25 06:38 - 2015-05-25 06:38 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052401\algo.dll
2014-03-20 04:38 - 2014-03-20 04:38 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-03-21 01:04 - 2014-01-04 00:45 - 02927360 ____N () C:\Windows\wweb32.dll
2014-03-21 01:04 - 2013-05-21 02:32 - 00581480 ____N () C:\Program Files (x86)\WordWeb\wwextdb.dll
2011-03-17 10:11 - 2011-03-17 10:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:45 - 2010-10-21 01:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-20 15:01 - 2014-05-20 15:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-24 22:41 - 2015-05-14 02:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-24 22:41 - 2015-05-14 02:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-24 22:41 - 2015-05-14 02:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2238753014-2711977962-2677134643-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Muneeb Khan Lodhi\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 4.2.2.1 - 4.2.2.2
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Muneeb Khan Lodhi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk => C:\Windows\pss\LaunchU3.exe.lnk.Startup
MSCONFIG\startupreg: Ad Arrest => C:\Program Files (x86)\Ad Arrest IE Popup Killer\adarrest.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3282698\plugins\TBVerifier.dll",RunConduitFloatingPlugin giolhomkcooifelkdfpejhidfidaahlc
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~1\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: VideoDownloadToolbar => "C:\Users\Muneeb Khan Lodhi\AppData\Roaming\VideoDownloadToolbar\VideoDownloadToolbar.exe" cmd=vdt_autorun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CD8B3301-C5E8-4319-8E9F-C73CCF354698}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0E65082C-A64C-4B66-9257-689BF538B64A}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{EFF791D3-8243-4912-8DD5-E4620AC6D597}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{E873CC54-F838-412E-A22F-55ED14C1C615}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BEE06A59-437D-457C-AAAC-D4FF07193C92}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BC4AA6AD-B763-4292-A151-D2C9D192DB9D}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{27327A2C-4A64-4216-9E8F-6133CBAF3B37}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{49C882B5-5B6B-43F1-BFDE-C3C8CDA9B663}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe
FirewallRules: [UDP Query User{625F29DD-EED7-4B97-8474-A012CCC86564}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1.exe
FirewallRules: [TCP Query User{39EAE9C0-6D4E-40F6-8BBA-654395712159}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{79898DF5-9520-4371-B552-BA3DACD7D267}C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe] => (Allow) C:\d drive data\games\age of empires 2 & the conquerors expansion - full game\age2_x1\age2_x1.exe
FirewallRules: [{A577B8D2-256E-4A19-8D36-6CD2C4D8A155}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3EDE0C3-CC0A-4CAC-AC61-FD662C1683FB}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{103D5D20-4163-49A2-833D-2BD55EF321A1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{E7BC5588-BDA4-46D6-9CA6-D88F818A5C06}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{4253A92D-E492-4880-92CF-F7B3E522802F}C:\d drive data\games\aoe conquerors\age2_x1.exe] => (Allow) C:\d drive data\games\aoe conquerors\age2_x1.exe
FirewallRules: [UDP Query User{DD1635AB-5534-4285-86A8-CA3DD4557EDD}C:\d drive data\games\aoe conquerors\age2_x1.exe] => (Allow) C:\d drive data\games\aoe conquerors\age2_x1.exe
FirewallRules: [{CF5DF66D-65EB-4B53-812D-4E7C4BD08C15}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{9F98BDFB-F683-42DD-A90D-99BC0C538838}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{29707835-1367-4AF4-8CFB-85258DDB2EE4}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{463D4FE8-2265-447E-9273-C5F8B5791CED}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{811A13AF-BB51-446E-B5CC-B0C8EC620D3C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{3B70B559-ABB7-45C8-9779-BC41419E5EB1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{A6C021BB-7E13-4A41-B935-72D3C2F99373}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{7C44C4C5-8BBD-454F-B2E3-49EF95F95E7B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{ABA09CED-F0E9-4F5B-9AD3-00C0DCB18615}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/24/2015 10:36:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 08:32:16 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/24/2015 08:31:38 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/24/2015 04:50:22 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/24/2015 03:19:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2015 10:27:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.4.73.102, time stamp: 0x55310e50
Faulting module name: Skype.exe, version: 7.4.73.102, time stamp: 0x55310e50
Exception code: 0xc0000417
Fault offset: 0x00e1e194
Faulting process id: 0xdd8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
 
Error: (05/23/2015 11:32:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/23/2015 11:32:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/23/2015 11:32:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/23/2015 11:32:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (05/24/2015 10:58:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer THINKPAD-THINK
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94A4D621-663F-45D3-8D5E-388172431E81}.
The master browser is stopping or an election is being forced.
 
Error: (05/24/2015 10:53:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.23.
The computer with the IP address 192.168.0.41 did not allow the name to be claimed by
this computer.
 
Error: (05/24/2015 10:34:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/24/2015 03:18:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/23/2015 10:33:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/22/2015 06:36:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/21/2015 08:59:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/21/2015 08:59:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:58:26 on ‎21/‎05/‎2015 was unexpected.
 
Error: (05/21/2015 08:57:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (05/21/2015 08:49:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
Microsoft Office:
=========================
Error: (05/24/2015 10:36:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 08:32:16 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/24/2015 08:31:38 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/24/2015 04:50:22 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/24/2015 03:19:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2015 10:27:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe7.4.73.10255310e50Skype.exe7.4.73.10255310e50c000041700e1e194dd801d094f03c667df1C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe230f577f-0147-11e5-8ddd-a0b3cc6a6f9f
 
Error: (05/23/2015 11:32:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Muneeb Khan Lodhi\Desktop\esetsmartinstaller_enu.exe
 
Error: (05/23/2015 11:32:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Muneeb Khan Lodhi\Desktop\esetsmartinstaller_enu.exe
 
Error: (05/23/2015 11:32:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Muneeb Khan Lodhi\Desktop\esetsmartinstaller_enu.exe
 
Error: (05/23/2015 11:32:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Muneeb Khan Lodhi\Desktop\esetsmartinstaller_enu.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-3000M APU with Radeon™ HD Graphics
Percentage of memory in use: 77%
Total physical RAM: 3561.41 MB
Available physical RAM: 790.86 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 2828.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.79 GB) (Free:176.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.81 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BBEEB5FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of log ============================

#40
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. Please do the following and let me know if your machine has any more issues.

Please uninstall the following two programs only if you don't use them.

KMPlayer
Pandora Service

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the Desktop).
2. Run FRST64 by right-clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
4. When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

#41
micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

Hi Brian

I use KM Player but I have uninstalled Pandora.

Please see below for the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Muneeb Khan Lodhi at 2015-05-26 21:41:13 Run:4
Running from C:\Users\Muneeb Khan Lodhi\Desktop
Loaded Profiles: Muneeb Khan Lodhi (Available Profiles: Muneeb Khan Lodhi & fbwuser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
C:\Program Files (x86)\Conduit
C:\PROGRA~2\RADIOR~1
C:\Users\Muneeb Khan Lodhi\AppData\Roaming\VideoDownloadToolbar
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
FirewallRules: [{A577B8D2-256E-4A19-8D36-6CD2C4D8A155}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3EDE0C3-CC0A-4CAC-AC61-FD662C1683FB}] => (Allow) C:\Users\Muneeb Khan Lodhi\AppData\Roaming\uTorrent\uTorrent.exe
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
CMD: ipconfig /release
CMD: ipconfig /renew 
EmptyTemp:
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key Removed successfully
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key Removed successfully
"C:\Program Files (x86)\Conduit" => File/Folder not found.
"C:\PROGRA~2\RADIOR~1" => File/Folder not found.
"C:\Users\Muneeb Khan Lodhi\AppData\Roaming\VideoDownloadToolbar" => File/Folder not found.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A577B8D2-256E-4A19-8D36-6CD2C4D8A155} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3EDE0C3-CC0A-4CAC-AC61-FD662C1683FB} => value Removed successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::962:1fb4:d35f:59c9%13
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter isatap.{94A4D621-663F-45D3-8D5E-388172431E81}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{CDEAE409-B10F-41F0-A048-2CF6A3216EDA}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::962:1fb4:d35f:59c9%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter isatap.{94A4D621-663F-45D3-8D5E-388172431E81}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{CDEAE409-B10F-41F0-A048-2CF6A3216EDA}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 943.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:43:21 ====

  • 0

#42
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

How's your machine doing?


  • 0

#43
micalparkz

micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

Hi Brian,

 

I have not seen that pop-up again, but generally the machine is slow. Streaming is slow as usual, gets stuck a lot and is not smooth. I have checked the Internet speed again and again and it is good, 32mbps.


  • 0

#44
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Have you tried using Internet Explorer instead of Chrome to see how the streaming is?

 

Also, please do the following.

 

Internet Speed Check
Would you mind doing this speed test and letting me know what is reported?

1. Go to http://www.speedtest.net
2. Wait until the BEGIN TEST button appears and click on it.
3. When it's finished, please let me know the Ping, Download Speed and Upload Speed.


  • 0

#45
micalparkz

micalparkz

    Member

  • Topic Starter
  • Member
  • 128 posts

Ping 36ms

Download 9.44mbps

Upload 0.66mbps

 

but it varies a lot, download gets to 30mbps too.


  • 0





